openSUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:0707-1
Rating:             important
References:         #1014702 #1015169 #1016779 #1017081 #1017084 
                    #1020491 #1020589 #1020928 #1021129 #1021195 
                    #1021481 #1022541 #1023004 #1023053 #1023073 
                    #1023907 #1024972 #1026583 #977027 
Cross-References:   CVE-2016-10028 CVE-2016-10029 CVE-2016-10155
                    CVE-2016-9921 CVE-2016-9922 CVE-2017-2615
                    CVE-2017-2620 CVE-2017-5525 CVE-2017-5526
                    CVE-2017-5552 CVE-2017-5578 CVE-2017-5667
                    CVE-2017-5856 CVE-2017-5857 CVE-2017-5898
                   
Affected Products:
                    openSUSE Leap 42.2
______________________________________________________________________________

   An update that solves 15 vulnerabilities and has four fixes
   is now available.

Description:


   This update for qemu fixes several issues.

   These security issues were fixed:

   - CVE-2017-5898: The CCID Card device emulator support was vulnerable to
     an integer overflow flaw allowing a privileged user to crash the Qemu
     process on the host resulting in DoS (bsc#1023907).
   - CVE-2017-5857: The Virtio GPU Device emulator support was vulnerable to
     a host memory leakage issue allowing a guest user to leak host memory
     resulting in DoS (bsc#1023073).
   - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine
     cirrus_bitblt_cputovideo failed to check the memory region, allowing for
     an out-of-bounds write that allows for privilege escalation (bsc#1024972)
   - CVE-2017-2615: An error in the bitblt copy operation could have allowed
     a malicious guest administrator to cause an out of bounds memory access,
     possibly leading to information disclosure or privilege escalation
     (bsc#1023004)
   - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation
     support was vulnerable to a memory leakage issue allowing a privileged
     user to leak host memory resulting in DoS (bsc#1023053)
   - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable
     to a divide by zero issue while copying VGA data. A privileged user
     inside guest could have used this flaw to crash the process instance on
     the host, resulting in DoS (bsc#1014702)
   - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable
     to a divide by zero issue while copying VGA data. A privileged user
     inside guest could have used this flaw to crash the process instance on
     the host, resulting in DoS (bsc#1014702)
   - CVE-2016-10029: The Virtio GPU Device emulator support was vulnerable to
     an OOB read issue allowing a guest user to crash the Qemu process
     instance resulting in DoS (bsc#1017081).
   - CVE-2016-10028: The Virtio GPU Device emulator support was vulnerable to
     an out of bounds memory access issue allowing a guest user to crash the
     Qemu process instance on a host, resulting in DoS (bsc#1017084).
   - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was
     vulnerable to a memory leakage issue allowing a privileged user to cause
     a DoS and/or potentially crash the Qemu process on the host (bsc#1021129)
   - CVE-2017-5552: The Virtio GPU Device emulator support was vulnerable to
     a memory leakage issue allowing a guest user to leak host memory
     resulting in DoS (bsc#1021195).
   - CVE-2017-5578: The Virtio GPU Device emulator support was vulnerable to
     a memory leakage issue allowing a guest user to leak host memory
     resulting in DoS (bsc#1021481).
   - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable
     to a memory leakage issue allowing a privileged user inside the guest to
     cause a DoS and/or potentially crash the Qemu process on the host
     (bsc#1020589).
   - CVE-2017-5525: The ac97 audio device emulation support was vulnerable to
     a memory leakage issue allowing a privileged user inside the guest to
     cause a DoS and/or potentially crash the Qemu process on the host
     (bsc#1020491).
   - CVE-2017-5667: The SDHCI device emulation support was vulnerable to an
     OOB heap access issue allowing a privileged user inside the guest to
     crash the Qemu process resulting in DoS or potentially execute arbitrary
     code with privileges of the Qemu process on the host (bsc#1022541).
   - CVE-2017-5898: The CCID Card device emulator support was vulnerable to
     an integer overflow allowing a privileged user inside the guest to crash
     the Qemu process resulting in DoS (bnc#1023907)

   These non-security issues were fixed:

   - Fix name of s390x specific sysctl configuration file to end with .conf
     (bsc#1026583)
   - XHCI fixes (bsc#977027)
   - Fixed rare race during s390x guest reboot
   - Fixed various inaccuracies in cirrus vga device emulation
   - Fixed cause of infrequent migration failures from bad virtio device
     state (bsc#1020928)
   - Fixed graphical update errors introduced by previous security fix
     (bsc#1016779)

   This update was imported from the SUSE:SLE-12-SP2:Update update project.


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.2:

      zypper in -t patch openSUSE-2017-349=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE Leap 42.2 (i586 x86_64):

      qemu-2.6.2-29.4
      qemu-arm-2.6.2-29.4
      qemu-arm-debuginfo-2.6.2-29.4
      qemu-block-curl-2.6.2-29.4
      qemu-block-curl-debuginfo-2.6.2-29.4
      qemu-block-dmg-2.6.2-29.4
      qemu-block-dmg-debuginfo-2.6.2-29.4
      qemu-block-iscsi-2.6.2-29.4
      qemu-block-iscsi-debuginfo-2.6.2-29.4
      qemu-block-ssh-2.6.2-29.4
      qemu-block-ssh-debuginfo-2.6.2-29.4
      qemu-debugsource-2.6.2-29.4
      qemu-extra-2.6.2-29.4
      qemu-extra-debuginfo-2.6.2-29.4
      qemu-guest-agent-2.6.2-29.4
      qemu-guest-agent-debuginfo-2.6.2-29.4
      qemu-kvm-2.6.2-29.4
      qemu-lang-2.6.2-29.4
      qemu-linux-user-2.6.2-29.1
      qemu-linux-user-debuginfo-2.6.2-29.1
      qemu-linux-user-debugsource-2.6.2-29.1
      qemu-ppc-2.6.2-29.4
      qemu-ppc-debuginfo-2.6.2-29.4
      qemu-s390-2.6.2-29.4
      qemu-s390-debuginfo-2.6.2-29.4
      qemu-testsuite-2.6.2-29.8
      qemu-tools-2.6.2-29.4
      qemu-tools-debuginfo-2.6.2-29.4
      qemu-x86-2.6.2-29.4
      qemu-x86-debuginfo-2.6.2-29.4

   - openSUSE Leap 42.2 (x86_64):

      qemu-block-rbd-2.6.2-29.4
      qemu-block-rbd-debuginfo-2.6.2-29.4

   - openSUSE Leap 42.2 (noarch):

      qemu-ipxe-1.0.0-29.4
      qemu-seabios-1.9.1-29.4
      qemu-sgabios-8-29.4
      qemu-vgabios-1.9.1-29.4


References:

   https://www.suse.com/security/cve/CVE-2016-10028.html
   https://www.suse.com/security/cve/CVE-2016-10029.html
   https://www.suse.com/security/cve/CVE-2016-10155.html
   https://www.suse.com/security/cve/CVE-2016-9921.html
   https://www.suse.com/security/cve/CVE-2016-9922.html
   https://www.suse.com/security/cve/CVE-2017-2615.html
   https://www.suse.com/security/cve/CVE-2017-2620.html
   https://www.suse.com/security/cve/CVE-2017-5525.html
   https://www.suse.com/security/cve/CVE-2017-5526.html
   https://www.suse.com/security/cve/CVE-2017-5552.html
   https://www.suse.com/security/cve/CVE-2017-5578.html
   https://www.suse.com/security/cve/CVE-2017-5667.html
   https://www.suse.com/security/cve/CVE-2017-5856.html
   https://www.suse.com/security/cve/CVE-2017-5857.html
   https://www.suse.com/security/cve/CVE-2017-5898.html
   https://bugzilla.suse.com/1014702
   https://bugzilla.suse.com/1015169
   https://bugzilla.suse.com/1016779
   https://bugzilla.suse.com/1017081
   https://bugzilla.suse.com/1017084
   https://bugzilla.suse.com/1020491
   https://bugzilla.suse.com/1020589
   https://bugzilla.suse.com/1020928
   https://bugzilla.suse.com/1021129
   https://bugzilla.suse.com/1021195
   https://bugzilla.suse.com/1021481
   https://bugzilla.suse.com/1022541
   https://bugzilla.suse.com/1023004
   https://bugzilla.suse.com/1023053
   https://bugzilla.suse.com/1023073
   https://bugzilla.suse.com/1023907
   https://bugzilla.suse.com/1024972
   https://bugzilla.suse.com/1026583
   https://bugzilla.suse.com/977027

openSUSE: 2017:0707-1: important: qemu

March 16, 2017