SUSE Security Update: Security update for kvm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:1785-1
Rating:             important
References:         #895528 #901508 #928393 #934069 #936132 #940929 
                    #944463 #945404 #945987 #945989 #947159 #958491 
                    #958917 #959005 #960334 #960725 #961332 #961333 
                    #961358 #961556 #961691 #962320 #963782 #964413 
                    #967969 #969350 #970036 #970037 #975128 #975136 
                    #975700 #976109 #978158 #978160 #980711 #980723 
                    
Cross-References:   CVE-2014-3615 CVE-2014-3689 CVE-2014-9718
                    CVE-2015-3214 CVE-2015-5239 CVE-2015-5278
                    CVE-2015-5279 CVE-2015-5745 CVE-2015-6855
                    CVE-2015-7295 CVE-2015-7549 CVE-2015-8504
                    CVE-2015-8558 CVE-2015-8613 CVE-2015-8619
                    CVE-2015-8743 CVE-2016-1568 CVE-2016-1714
                    CVE-2016-1922 CVE-2016-1981 CVE-2016-2198
                    CVE-2016-2538 CVE-2016-2841 CVE-2016-2857
                    CVE-2016-2858 CVE-2016-3710 CVE-2016-3712
                    CVE-2016-4001 CVE-2016-4002 CVE-2016-4020
                    CVE-2016-4037 CVE-2016-4439 CVE-2016-4441
                   
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
______________________________________________________________________________

   An update that solves 33 vulnerabilities and has three
   fixes is now available.

Description:

   kvm was updated to fix 33 security issues.

   These security issues were fixed:
   - CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711)
   - CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723)
   - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for
     guest escape (bsc#978158)
   - CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit
     (bsc#978160)
   - CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109)
   - CVE-2016-2538: Fixed potential OOB access in USB net device emulation
     (bsc#967969)
   - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350)
   - CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number
     generator (bsc#970036)
   - CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037)
   - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic
     (bsc#975128)
   - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller
     (bsc#975136)
   - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access
     (bsc#975700)
   - CVE-2015-3214: Fixed OOB read in i8254 PIC (bsc#934069)
   - CVE-2014-9718: Fixed the handling of malformed or short ide PRDTs to
     avoid any opportunity for guest to cause DoS by abusing that interface
     (bsc#928393)
   - CVE-2014-3689: Fixed insufficient parameter validation in rectangle
     functions (bsc#901508)
   - CVE-2014-3615: The VGA emulator in QEMU allowed local guest users to
     read host memory by setting the display to a high resolution
     (bsc#895528).
   - CVE-2015-5239: Integer overflow in vnc_client_read() and
     protocol_client_msg() (bsc#944463).
   - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989).
   - CVE-2015-5279: Heap-based buffer overflow in the ne2000_receive function
     in hw/net/ne2000.c in QEMU allowed guest OS users to cause a denial of
     service (instance crash) or possibly execute arbitrary code via vectors     related to receiving packets (bsc#945987).
   - CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929).
   - CVE-2015-6855: hw/ide/core.c in QEMU did not properly restrict the
     commands accepted by an ATAPI device, which allowed guest users to cause
     a denial of service or possibly have unspecified other impact via
     certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command
     to an empty drive, which triggers a divide-by-zero error and instance
     crash (bsc#945404).
   - CVE-2015-7295: hw/virtio/virtio.c in the Virtual Network Device
     (virtio-net) support in QEMU, when big or mergeable receive buffers are
     not supported, allowed remote attackers to cause a denial of service
     (guest network consumption) via a flood of jumbo frames on the (1)
     tuntap or (2) macvtap interface (bsc#947159).
   - CVE-2015-7549: PCI null pointer dereferences (bsc#958917).
   - CVE-2015-8504: VNC floating point exception (bsc#958491).
   - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS
     (bsc#959005).
   - CVE-2015-8613: Wrong sized memset in megasas command handler
     (bsc#961358).
   - CVE-2015-8619: Potential DoS for long HMP sendkey command argument
     (bsc#960334).
   - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions
     (bsc#960725).
   - CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332).
   - CVE-2016-1714: Potential OOB memory access in processing firmware
     configuration (bsc#961691).
   - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command
     (bsc#962320).
   - CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation
     by malicious privileged user within guest (bsc#963782).
   - CVE-2016-2198: Malicious privileged guest user were able to cause DoS by
     writing to read-only EHCI capabilities registers (bsc#964413).

   This non-security issue was fixed:
   - Fix case of IDE interface needing busy status set before flush
     (bsc#936132)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-kvm-12645=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64):

      kvm-1.4.2-44.1


References:

   https://www.suse.com/security/cve/CVE-2014-3615.html
   https://www.suse.com/security/cve/CVE-2014-3689.html
   https://www.suse.com/security/cve/CVE-2014-9718.html
   https://www.suse.com/security/cve/CVE-2015-3214.html
   https://www.suse.com/security/cve/CVE-2015-5239.html
   https://www.suse.com/security/cve/CVE-2015-5278.html
   https://www.suse.com/security/cve/CVE-2015-5279.html
   https://www.suse.com/security/cve/CVE-2015-5745.html
   https://www.suse.com/security/cve/CVE-2015-6855.html
   https://www.suse.com/security/cve/CVE-2015-7295.html
   https://www.suse.com/security/cve/CVE-2015-7549.html
   https://www.suse.com/security/cve/CVE-2015-8504.html
   https://www.suse.com/security/cve/CVE-2015-8558.html
   https://www.suse.com/security/cve/CVE-2015-8613.html
   https://www.suse.com/security/cve/CVE-2015-8619.html
   https://www.suse.com/security/cve/CVE-2015-8743.html
   https://www.suse.com/security/cve/CVE-2016-1568.html
   https://www.suse.com/security/cve/CVE-2016-1714.html
   https://www.suse.com/security/cve/CVE-2016-1922.html
   https://www.suse.com/security/cve/CVE-2016-1981.html
   https://www.suse.com/security/cve/CVE-2016-2198.html
   https://www.suse.com/security/cve/CVE-2016-2538.html
   https://www.suse.com/security/cve/CVE-2016-2841.html
   https://www.suse.com/security/cve/CVE-2016-2857.html
   https://www.suse.com/security/cve/CVE-2016-2858.html
   https://www.suse.com/security/cve/CVE-2016-3710.html
   https://www.suse.com/security/cve/CVE-2016-3712.html
   https://www.suse.com/security/cve/CVE-2016-4001.html
   https://www.suse.com/security/cve/CVE-2016-4002.html
   https://www.suse.com/security/cve/CVE-2016-4020.html
   https://www.suse.com/security/cve/CVE-2016-4037.html
   https://www.suse.com/security/cve/CVE-2016-4439.html
   https://www.suse.com/security/cve/CVE-2016-4441.html
   https://bugzilla.suse.com/895528
   https://bugzilla.suse.com/901508
   https://bugzilla.suse.com/928393
   https://bugzilla.suse.com/934069
   https://bugzilla.suse.com/936132
   https://bugzilla.suse.com/940929
   https://bugzilla.suse.com/944463
   https://bugzilla.suse.com/945404
   https://bugzilla.suse.com/945987
   https://bugzilla.suse.com/945989
   https://bugzilla.suse.com/947159
   https://bugzilla.suse.com/958491
   https://bugzilla.suse.com/958917
   https://bugzilla.suse.com/959005
   https://bugzilla.suse.com/960334
   https://bugzilla.suse.com/960725
   https://bugzilla.suse.com/961332
   https://bugzilla.suse.com/961333
   https://bugzilla.suse.com/961358
   https://bugzilla.suse.com/961556
   https://bugzilla.suse.com/961691
   https://bugzilla.suse.com/962320
   https://bugzilla.suse.com/963782
   https://bugzilla.suse.com/964413
   https://bugzilla.suse.com/967969
   https://bugzilla.suse.com/969350
   https://bugzilla.suse.com/970036
   https://bugzilla.suse.com/970037
   https://bugzilla.suse.com/975128
   https://bugzilla.suse.com/975136
   https://bugzilla.suse.com/975700
   https://bugzilla.suse.com/976109
   https://bugzilla.suse.com/978158
   https://bugzilla.suse.com/978160
   https://bugzilla.suse.com/980711
   https://bugzilla.suse.com/980723

SuSE: 2016:1785-1: important: kvm

July 11, 2016
An update that solves 33 vulnerabilities and has three An update that solves 33 vulnerabilities and has three An update that solves 33 vulnerabilities and has three fixes is now av...

Summary

kvm was updated to fix 33 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711) - CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723) - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape (bsc#978158) - CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit (bsc#978160) - CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109) - CVE-2016-2538: Fixed potential OOB access in USB net device emulation (bsc#967969) - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350) - CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number generator (bsc#970036) - CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037) - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic (bsc#975128) - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller (bsc#975136) - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access (bsc#975700) - CVE-2015-3214: Fixed OOB read in i8254 PIC (bsc#934069) - CVE-2014-9718: Fixed the handling of malformed or short ide PRDTs to avoid any opportunity for guest to cause DoS by abusing that interface (bsc#928393) - CVE-2014-3689: Fixed insufficient parameter validation in rectangle functions (bsc#901508) - CVE-2014-3615: The VGA emulator in QEMU allowed local guest users to read host memory by setting the display to a high resolution (bsc#895528). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989). - CVE-2015-5279: Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU allowed guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets (bsc#945987). - CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929). - CVE-2015-6855: hw/ide/core.c in QEMU did not properly restrict the commands accepted by an ATAPI device, which allowed guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash (bsc#945404). - CVE-2015-7295: hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allowed remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface (bsc#947159). - CVE-2015-7549: PCI null pointer dereferences (bsc#958917). - CVE-2015-8504: VNC floating point exception (bsc#958491). - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS (bsc#959005). - CVE-2015-8613: Wrong sized memset in megasas command handler (bsc#961358). - CVE-2015-8619: Potential DoS for long HMP sendkey command argument (bsc#960334). - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions (bsc#960725). - CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332). - CVE-2016-1714: Potential OOB memory access in processing firmware configuration (bsc#961691). - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command (bsc#962320). - CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation by malicious privileged user within guest (bsc#963782). - CVE-2016-2198: Malicious privileged guest user were able to cause DoS by writing to read-only EHCI capabilities registers (bsc#964413). This non-security issue was fixed: - Fix case of IDE interface needing busy status set before flush (bsc#936132) Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kvm-12645=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64): kvm-1.4.2-44.1

References

#895528 #901508 #928393 #934069 #936132 #940929

#944463 #945404 #945987 #945989 #947159 #958491

#958917 #959005 #960334 #960725 #961332 #961333

#961358 #961556 #961691 #962320 #963782 #964413

#967969 #969350 #970036 #970037 #975128 #975136

#975700 #976109 #978158 #978160 #980711 #980723

Cross- CVE-2014-3615 CVE-2014-3689 CVE-2014-9718

CVE-2015-3214 CVE-2015-5239 CVE-2015-5278

CVE-2015-5279 CVE-2015-5745 CVE-2015-6855

CVE-2015-7295 CVE-2015-7549 CVE-2015-8504

CVE-2015-8558 CVE-2015-8613 CVE-2015-8619

CVE-2015-8743 CVE-2016-1568 CVE-2016-1714

CVE-2016-1922 CVE-2016-1981 CVE-2016-2198

CVE-2016-2538 CVE-2016-2841 CVE-2016-2857

CVE-2016-2858 CVE-2016-3710 CVE-2016-3712

CVE-2016-4001 CVE-2016-4002 CVE-2016-4020

CVE-2016-4037 CVE-2016-4439 CVE-2016-4441

Affected Products:

SUSE Linux Enterprise Server 11-SP4

https://www.suse.com/security/cve/CVE-2014-3615.html

https://www.suse.com/security/cve/CVE-2014-3689.html

https://www.suse.com/security/cve/CVE-2014-9718.html

https://www.suse.com/security/cve/CVE-2015-3214.html

https://www.suse.com/security/cve/CVE-2015-5239.html

https://www.suse.com/security/cve/CVE-2015-5278.html

https://www.suse.com/security/cve/CVE-2015-5279.html

https://www.suse.com/security/cve/CVE-2015-5745.html

https://www.suse.com/security/cve/CVE-2015-6855.html

https://www.suse.com/security/cve/CVE-2015-7295.html

https://www.suse.com/security/cve/CVE-2015-7549.html

https://www.suse.com/security/cve/CVE-2015-8504.html

https://www.suse.com/security/cve/CVE-2015-8558.html

https://www.suse.com/security/cve/CVE-2015-8613.html

https://www.suse.com/security/cve/CVE-2015-8619.html

https://www.suse.com/security/cve/CVE-2015-8743.html

https://www.suse.com/security/cve/CVE-2016-1568.html

https://www.suse.com/security/cve/CVE-2016-1714.html

https://www.suse.com/security/cve/CVE-2016-1922.html

https://www.suse.com/security/cve/CVE-2016-1981.html

https://www.suse.com/security/cve/CVE-2016-2198.html

https://www.suse.com/security/cve/CVE-2016-2538.html

https://www.suse.com/security/cve/CVE-2016-2841.html

https://www.suse.com/security/cve/CVE-2016-2857.html

https://www.suse.com/security/cve/CVE-2016-2858.html

https://www.suse.com/security/cve/CVE-2016-3710.html

https://www.suse.com/security/cve/CVE-2016-3712.html

https://www.suse.com/security/cve/CVE-2016-4001.html

https://www.suse.com/security/cve/CVE-2016-4002.html

https://www.suse.com/security/cve/CVE-2016-4020.html

https://www.suse.com/security/cve/CVE-2016-4037.html

https://www.suse.com/security/cve/CVE-2016-4439.html

https://www.suse.com/security/cve/CVE-2016-4441.html

https://bugzilla.suse.com/895528

https://bugzilla.suse.com/901508

https://bugzilla.suse.com/928393

https://bugzilla.suse.com/934069

https://bugzilla.suse.com/936132

https://bugzilla.suse.com/940929

https://bugzilla.suse.com/944463

https://bugzilla.suse.com/945404

https://bugzilla.suse.com/945987

https://bugzilla.suse.com/945989

https://bugzilla.suse.com/947159

https://bugzilla.suse.com/958491

https://bugzilla.suse.com/958917

https://bugzilla.suse.com/959005

https://bugzilla.suse.com/960334

https://bugzilla.suse.com/960725

https://bugzilla.suse.com/961332

https://bugzilla.suse.com/961333

https://bugzilla.suse.com/961358

https://bugzilla.suse.com/961556

https://bugzilla.suse.com/961691

https://bugzilla.suse.com/962320

https://bugzilla.suse.com/963782

https://bugzilla.suse.com/964413

https://bugzilla.suse.com/967969

https://bugzilla.suse.com/969350

https://bugzilla.suse.com/970036

https://bugzilla.suse.com/970037

https://bugzilla.suse.com/975128

https://bugzilla.suse.com/975136

https://bugzilla.suse.com/975700

https://bugzilla.suse.com/976109

https://bugzilla.suse.com/978158

https://bugzilla.suse.com/978160

https://bugzilla.suse.com/980711

https://bugzilla.suse.com/980723

Severity
Announcement ID: SUSE-SU-2016:1785-1
Rating: important

Related News

Google Chrome 129: Addressing Crucial Vulnerabilities and Enhancing Security
2 - 4 min read
Google Chrome remains the crown jewel in the browser market, with an impressive user base of approximately 3.45 billion. However, this immense
Fighting Back Against Hadooken Malware by Strengthening WebLogic Security
2 - 4 min read
Cybercriminals have been relentlessly attacking the digital landscape, aiming to exploit vulnerabilities in well-known systems. One such exploit is
CISA Sounds Alarm on Newly Exploited Vulnerabilities: Is Your System at Risk?
3 - 5 min read
CISA regularly publishes updates regarding vulnerabilities that present severe threats to global cybersecurity. Recently, CISA added three
Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved