Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

SUSE: 2023:4587-1 Critical: QEMU Vulnerability Patch for Multiple Threats

suse
Calendar Grey May 11, 2017
Dist Suse Esm H88
Crucial SUSE patch fixes 13 security flaws in qemu application. Make certain your installations are updated to uphold protection.
An update that solves 13 vulnerabilities and has four fixes An update that solves 13 vulnerabilities and has four fixes An update that solves 13 vulnerabilities and has four fixes ...

Summary

This update for qemu fixes several issues. These security issues were fixed: - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024972) - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004) - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1023053) - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support

Topics%20covered

Topics Covered

security advisory privilege escalation DoS patch important SUSE qemu

References

#1013285 #1014109 #1014111 #1014702 #1015048

#1015169 #1016779 #1020491 #1020589 #1020928

#1021129 #1022541 #1023004 #1023053 #1023907

#1024972 #937125

Cross- CVE-2016-10155 CVE-2016-9776 CVE-2016-9907

CVE-2016-9911 CVE-2016-9921 CVE-2016-9922

CVE-2017-2615 CVE-2017-2620 CVE-2017-5525

CVE-2017-5526 CVE-2017-5667 CVE-2017-5856

CVE-2017-5898

Affected Products:

SUSE Linux Enterprise Server 12-SP1

SUSE Linux Enterprise Desktop 12-SP1

https://www.suse.com/security/cve/CVE-2016-10155.html

https://www.suse.com/security/cve/CVE-2016-9776.html

https://www.suse.com/security/cve/CVE-2016-9907.html

https://www.suse.com/security/cve/CVE-2016-9911.html

https://www.suse.com/security/cve/CVE-2016-9921.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:1241-1
Rating: important

Topics%20covered

Topics Covered

security advisory privilege escalation DoS patch important SUSE qemu

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here