
SUSE: 2018:0132-2 Critical: qemu Buffer Overflow and Remote Control Issues

January 13, 2017
SUSE has released a Security Update for qemu addressing 13 vulnerabilities. This update is crucial as it mitigates risks associated with denial-of-service attacks and memory leakage.
An update that solves 13 vulnerabilities and has two fixes is ...

Summary

qemu was updated to fix several issues.

These security issues were fixed:

- CVE-2016-9102: Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU allowed local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number (bsc#1014256).
- CVE-2016-9103: The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU allowed local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them (bsc#1007454).
- CVE-2016-9381: Improper processing of shared rings allowing guest administrators to take over the qemu process, elevating their privilege to that of the qemu process (bsc#1009109).
- CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support

References

#1007454 #1008519 #1009109 #1013285 #1013341 #1013764 #1013767 #1014109 #1014110 #1014111 #1014112 #1014256 #1014514 #1016779 #937125

Cross-References: CVE-2016-9102 CVE-2016-9103 CVE-2016-9381 CVE-2016-9776 CVE-2016-9845 CVE-2016-9846 CVE-2016-9907 CVE-2016-9908 CVE-2016-9911 CVE-2016-9912 CVE-2016-9913 CVE-2016-9921 CVE-2016-9922

Affected Products:

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2

SUSE Linux Enterprise Server 12-SP2

SUSE Linux Enterprise Desktop 12-SP2

https://www.suse.com/security/cve/CVE-2016-9102.html

https://www.suse.com/security/cve/CVE-2016-9103.html

https://www.suse.com/security/cve/CVE-2016-9381.html

https://www.suse.com/security/cve/CVE-2016-9776.html

https://www.suse.com/security/cve/CVE-2016-9845.html

Severity
important

Announcement ID: SUSE-SU-2017:0127-1
Rating: important
