SUSE: 2016:2589-1 Critical: Qemu Denial Of Service Security Advisory

suse

October 21, 2016

An update that solves 19 vulnerabilities and has one errata An update that solves 19 vulnerabilities and has one errata An update that solves 19 vulnerabilities and has one errata ...

Summary

qemu was updated to fix 19 security issues. These security issues were fixed: - CVE-2016-2392: The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU did not properly validate USB configuration descriptor objects, which allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving a remote NDIS control message packet (bsc#967012) - CVE-2016-2391: The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allowed local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers (bsc#967013) - CVE-2016-5106: The megasas_dcmd_set_properties function in

Topics Covered

security advisory denial of service critical software patch system integrity suse qemu

References

#1000048 #967012 #967013 #982017 #982018

#982019 #982222 #982223 #982285 #982959 #983961

#983982 #991080 #991466 #994760 #994771 #994774

#996441 #997858 #997859

Cross- CVE-2016-2391 CVE-2016-2392 CVE-2016-4453

CVE-2016-4454 CVE-2016-5105 CVE-2016-5106

CVE-2016-5107 CVE-2016-5126 CVE-2016-5238

CVE-2016-5337 CVE-2016-5338 CVE-2016-5403

CVE-2016-6490 CVE-2016-6833 CVE-2016-6836

CVE-2016-6888 CVE-2016-7116 CVE-2016-7155

CVE-2016-7156

Affected Products:

SUSE Linux Enterprise Server 12-SP1

SUSE Linux Enterprise Desktop 12-SP1

https://www.suse.com/security/cve/CVE-2016-2391.html

https://www.suse.com/security/cve/CVE-2016-2392.html

https://www.suse.com/security/cve/CVE-2016-4453.html

https://www.suse.com/security/cve/CVE-2016-4454.html

Severity

critical

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2016:2589-1

Rating: important

Topics Covered

security advisory denial of service critical software patch system integrity suse qemu

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2016:2589-1 Critical: Qemu Denial Of Service Security Advisory

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2016:2589-1 Critical: Qemu Denial Of Service Security Advisory

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!