
openSUSE Leap 42.2 - 2017:2941-1 Important: Qemu Denial Of Service

opensuse
November 7, 2017
An update that solves 12 vulnerabilities and has four fixes ...

Description

This update for qemu fixes several issues.

These security issues were fixed:

- CVE-2017-15268: Qemu allowed remote attackers to cause a memory leak by
  triggering slow data-channel read operations, related to
  io/channel-websock.c (bsc#1062942).

- CVE-2017-9524: The qemu-nbd server, when built with the Network Block
  Device (NBD) Server support, allowed remote attackers to cause a denial
  of service (segmentation fault and server crash) by leveraging failure
  to ensure that all initialization occurs before talking to a client in
  the nbd_negotiate function (bsc#1043808).

- CVE-2017-15289: The mode4and5 write functions allowed local OS guest
  privileged users to cause a denial of service (out-of-bounds write
  access and Qemu process crash) via vectors related to dst calculation
  (bsc#1063122).

- CVE-2017-15038: Race condition in the v9fs_xattrwalk function allowed local
  guest OS users to obtain sensitive information from host heap memory via
  ...


Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

  zypper in -t patch openSUSE-2017-1249=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.2 (i586 x86_64):

  qemu-2.6.2-31.9.1
  qemu-arm-2.6.2-31.9.1
  qemu-arm-debuginfo-2.6.2-31.9.1
  qemu-block-curl-2.6.2-31.9.1
  qemu-block-curl-debuginfo-2.6.2-31.9.1
  qemu-block-dmg-2.6.2-31.9.1
  qemu-block-dmg-debuginfo-2.6.2-31.9.1
  qemu-block-iscsi-2.6.2-31.9.1
  qemu-block-iscsi-debuginfo-2.6.2-31.9.1
  qemu-block-ssh-2.6.2-31.9.1
  qemu-block-ssh-debuginfo-2.6.2-31.9.1
  qemu-debugsource-2.6.2-31.9.1
  qemu-extra-2.6.2-31.9.1
  qemu-extra-debuginfo-2.6.2-31.9.1
  qemu-guest-agent-2.6.2-31.9.1
  qemu-guest-agent-debuginfo-2.6.2-31.9.1
  qemu-kvm-2.6.2-31.9.1
  qemu-lang-2.6.2-31.9.1
  qemu-linux-user-2.6.2-31.9.1
  qemu-linux-user-debuginfo-2.6.2-31.9.1
  qemu-linux-user-debugsource-2.6.2-31.9.1
  qemu-ppc-2.6.2-31.9.1
  qemu-ppc-debuginfo-2.6.2-31.9.1
  qemu-s390-2.6.2-31.9.1
  qemu-s390-debuginfo-2.6.2-31.9.1
  qemu-testsuite-2.6.2-31.9.2
  qemu-tools-2.6.2-31.9.1
  qemu-tools-debuginfo-2.6.2-31.9.1
  qemu-x86-2.6.2-31.9.1
  qemu-x86-debuginfo-2.6.2-31.9.1

- openSUSE Leap 42.2 (noarch):

  qemu-ipxe-1.0.0-31.9.1
  qemu-seabios-1.9.1-31.9.1
  qemu-sgabios-8...
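
An added example, not part of the openSUSE advisory: a POSIX shell audit that reads `NAME VERSION-RELEASE` lines and reports qemu packages older than the builds in the package list above. The function names, the use of GNU `sort -V` as an approximation of RPM version ordering, and the sample inventory are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: flag installed qemu packages older than this advisory's builds.
# Real input would come from:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'qemu*'

# Fixed build per package, copied from the package list above. Names not on
# the page (and qemu-sgabios, whose version is truncated there) are skipped.
fixed_build() {
    case "$1" in
        qemu-testsuite) echo "2.6.2-31.9.2" ;;
        qemu-ipxe)      echo "1.0.0-31.9.1" ;;
        qemu-seabios)   echo "1.9.1-31.9.1" ;;
        qemu|qemu-arm*|qemu-block-*|qemu-debugsource|qemu-extra*|\
        qemu-guest-agent*|qemu-kvm|qemu-lang|qemu-linux-user*|qemu-ppc*|\
        qemu-s390*|qemu-tools*|qemu-x86*) echo "2.6.2-31.9.1" ;;
        *) return 1 ;;
    esac
}

# Succeeds when $1 sorts strictly before $2 under GNU sort -V (assumption:
# close enough to RPM ordering for these same-shaped version-release strings).
older_than() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Reads "NAME VERSION-RELEASE" lines on stdin, prints one line per package
# below the fixed build, and returns 1 if any were found.
audit_qemu() {
    rc=0
    while read -r name ver; do
        want=$(fixed_build "$name") || continue
        if older_than "$ver" "$want"; then
            echo "OUTDATED $name $ver (fixed in $want)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample inventory; the 31.3.1 release is invented for the demo.
sample_inventory() {
    printf '%s\n' "qemu 2.6.2-31.3.1" "qemu-tools 2.6.2-31.9.1" \
        "qemu-testsuite 2.6.2-31.9.1" "qemu-seabios 1.9.1-31.9.1" \
        "bash 4.3-83.5.2"
}

sample_inventory | audit_qemu || true
```

Any `OUTDATED` line means the host still runs a pre-update build of that package; a non-zero return from `audit_qemu` makes the check usable in a fleet-wide compliance job.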


References

https://www.suse.com/security/cve/CVE-2017-10664.html
https://www.suse.com/security/cve/CVE-2017-10806.html
https://www.suse.com/security/cve/CVE-2017-10911.html
https://www.suse.com/security/cve/CVE-2017-11334.html
https://www.suse.com/security/cve/CVE-2017-11434.html
https://www.suse.com/security/cve/CVE-2017-12809.html
https://www.suse.com/security/cve/CVE-2017-13672.html
https://www.suse.com/security/cve/CVE-2017-14167.html
https://www.suse.com/security/cve/CVE-2017-15038.html
https://www.suse.com/security/cve/CVE-2017-15268.html
https://www.suse.com/security/cve/CVE-2017-15289.html
https://www.suse.com/security/cve/CVE-2017-9524.html
https://bugzilla.suse.com/1043176
https://bugzilla.suse.com/1043808
https://bugzilla.suse.com/1046636
https://bugzilla.suse.com/1047674
https://bugzilla.suse.com/1048902
https://bugzilla.suse.com/1049381
https://bugzilla.suse.com/1054724
https://bugzilla.suse.com/1056334
https://bugzilla.suse.com/1057378
https://bugzilla.suse.com/1057585
https://bugzilla.suse.com/1057966
ht...


Severity
important

Announcement ID: openSUSE-SU-2017:2941-1
Rating: important
Affected Products: openSUSE Leap 42.2
