[security-announce] openSUSE-SU-2016:1750-1: important: Security update for qemu

6 Jul 2016

      openSUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:1750-1
Rating:             important
References:         #886378 #940929 #958491 #958917 #959005 #959386 
                    #960334 #960708 #960725 #960835 #961332 #961333 
                    #961358 #961556 #961691 #962320 #963782 #964411 
                    #964413 #967969 #969121 #969122 #969350 #970036 
                    #970037 #975128 #975136 #975700 #976109 #978158 
                    #978160 #980711 #980723 #981266 
Cross-References:   CVE-2015-5745 CVE-2015-7549 CVE-2015-8504
                    CVE-2015-8558 CVE-2015-8567 CVE-2015-8568
                    CVE-2015-8613 CVE-2015-8619 CVE-2015-8743
                    CVE-2015-8744 CVE-2015-8745 CVE-2015-8817
                    CVE-2015-8818 CVE-2016-1568 CVE-2016-1714
                    CVE-2016-1922 CVE-2016-1981 CVE-2016-2197
                    CVE-2016-2198 CVE-2016-2538 CVE-2016-2841
                    CVE-2016-2857 CVE-2016-2858 CVE-2016-3710
                    CVE-2016-3712 CVE-2016-4001 CVE-2016-4002
                    CVE-2016-4020 CVE-2016-4037 CVE-2016-4439
                    CVE-2016-4441 CVE-2016-4952
Affected Products:
                    openSUSE Leap 42.1
______________________________________________________________________________

   An update that solves 32 vulnerabilities and has two fixes
   is now available.

Description:

   qemu was updated to fix 29 security issues.

   These security issues were fixed:
   - CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711)
   - CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723)
   - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation (bsc#981266)
   - CVE-2015-8817: Avoid OOB access in PCI dma I/O (bsc#969121)
   - CVE-2015-8818: Avoid OOB access in PCI dma I/O (bsc#969122)
   - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for
     guest escape (bsc#978158)
   - CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit
     (bsc#978160)
   - CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109)
   - CVE-2016-2538: Fixed potential OOB access in USB net device emulation
     (bsc#967969)
   - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350)
   - CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number
     generator (bsc#970036)
   - CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037)
   - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic
     (bsc#975128)
   - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller
     (bsc#975136)
   - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access
     (bsc#975700)
   - CVE-2016-2197: Prevent AHCI NULL pointer dereference when using FIS CLB
     engine (bsc#964411)
   - CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929).
   - CVE-2015-7549: PCI null pointer dereferences (bsc#958917).
   - CVE-2015-8504: VNC floating point exception (bsc#958491).
   - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS
     (bsc#959005).
   - CVE-2015-8567: A guest repeatedly activating a vmxnet3 device can leak
     host memory (bsc#959386).
   - CVE-2015-8568: A guest repeatedly activating a vmxnet3 device can leak
     host memory (bsc#959386).
   - CVE-2015-8613: Wrong sized memset in megasas command handler
     (bsc#961358).
   - CVE-2015-8619: Potential DoS for long HMP sendkey command argument
     (bsc#960334).
   - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions
     (bsc#960725).
   - CVE-2015-8744: Incorrect l2 header validation could have lead to a crash
     via assert(2) call (bsc#960835).
   - CVE-2015-8745: Reading IMR registers could have lead to a crash via
     assert(2) call (bsc#960708).
   - CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332).
   - CVE-2016-1714: Potential OOB memory access in processing firmware
     configuration (bsc#961691).
   - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command
     (bsc#962320).
   - CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation
     by malicious privileged user within guest (bsc#963782).
   - CVE-2016-2198: Malicious privileged guest user were able to cause DoS by
     writing to read-only EHCI capabilities registers (bsc#964413).

   This non-security issue was fixed
   - bsc#886378: qemu truncates vhd images in virt-rescue

   This update was imported from the SUSE:SLE-12-SP1:Update update project.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.1:

      zypper in -t patch openSUSE-2016-839=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE Leap 42.1 (i586 x86_64):

      qemu-2.3.1-15.1
      qemu-arm-2.3.1-15.1
      qemu-arm-debuginfo-2.3.1-15.1
      qemu-block-curl-2.3.1-15.1
      qemu-block-curl-debuginfo-2.3.1-15.1
      qemu-debugsource-2.3.1-15.1
      qemu-extra-2.3.1-15.1
      qemu-extra-debuginfo-2.3.1-15.1
      qemu-guest-agent-2.3.1-15.1
      qemu-guest-agent-debuginfo-2.3.1-15.1
      qemu-kvm-2.3.1-15.1
      qemu-lang-2.3.1-15.1
      qemu-linux-user-2.3.1-15.1
      qemu-linux-user-debuginfo-2.3.1-15.1
      qemu-linux-user-debugsource-2.3.1-15.1
      qemu-ppc-2.3.1-15.1
      qemu-ppc-debuginfo-2.3.1-15.1
      qemu-s390-2.3.1-15.1
      qemu-s390-debuginfo-2.3.1-15.1
      qemu-tools-2.3.1-15.1
      qemu-tools-debuginfo-2.3.1-15.1
      qemu-x86-2.3.1-15.1
      qemu-x86-debuginfo-2.3.1-15.1

   - openSUSE Leap 42.1 (noarch):

      qemu-ipxe-1.0.0-15.1
      qemu-seabios-1.8.1-15.1
      qemu-sgabios-8-15.1
      qemu-vgabios-1.8.1-15.1

   - openSUSE Leap 42.1 (x86_64):

      qemu-block-rbd-2.3.1-15.1
      qemu-block-rbd-debuginfo-2.3.1-15.1
      qemu-testsuite-2.3.1-15.2

References:

   https://www.suse.com/security/cve/CVE-2015-5745.html
   https://www.suse.com/security/cve/CVE-2015-7549.html
   https://www.suse.com/security/cve/CVE-2015-8504.html
   https://www.suse.com/security/cve/CVE-2015-8558.html
   https://www.suse.com/security/cve/CVE-2015-8567.html
   https://www.suse.com/security/cve/CVE-2015-8568.html
   https://www.suse.com/security/cve/CVE-2015-8613.html
   https://www.suse.com/security/cve/CVE-2015-8619.html
   https://www.suse.com/security/cve/CVE-2015-8743.html
   https://www.suse.com/security/cve/CVE-2015-8744.html
   https://www.suse.com/security/cve/CVE-2015-8745.html
   https://www.suse.com/security/cve/CVE-2015-8817.html
   https://www.suse.com/security/cve/CVE-2015-8818.html
   https://www.suse.com/security/cve/CVE-2016-1568.html
   https://www.suse.com/security/cve/CVE-2016-1714.html
   https://www.suse.com/security/cve/CVE-2016-1922.html
   https://www.suse.com/security/cve/CVE-2016-1981.html
   https://www.suse.com/security/cve/CVE-2016-2197.html
   https://www.suse.com/security/cve/CVE-2016-2198.html
   https://www.suse.com/security/cve/CVE-2016-2538.html
   https://www.suse.com/security/cve/CVE-2016-2841.html
   https://www.suse.com/security/cve/CVE-2016-2857.html
   https://www.suse.com/security/cve/CVE-2016-2858.html
   https://www.suse.com/security/cve/CVE-2016-3710.html
   https://www.suse.com/security/cve/CVE-2016-3712.html
   https://www.suse.com/security/cve/CVE-2016-4001.html
   https://www.suse.com/security/cve/CVE-2016-4002.html
   https://www.suse.com/security/cve/CVE-2016-4020.html
   https://www.suse.com/security/cve/CVE-2016-4037.html
   https://www.suse.com/security/cve/CVE-2016-4439.html
   https://www.suse.com/security/cve/CVE-2016-4441.html
   https://www.suse.com/security/cve/CVE-2016-4952.html
   https://bugzilla.suse.com/886378
   https://bugzilla.suse.com/940929
   https://bugzilla.suse.com/958491
   https://bugzilla.suse.com/958917
   https://bugzilla.suse.com/959005
   https://bugzilla.suse.com/959386
   https://bugzilla.suse.com/960334
   https://bugzilla.suse.com/960708
   https://bugzilla.suse.com/960725
   https://bugzilla.suse.com/960835
   https://bugzilla.suse.com/961332
   https://bugzilla.suse.com/961333
   https://bugzilla.suse.com/961358
   https://bugzilla.suse.com/961556
   https://bugzilla.suse.com/961691
   https://bugzilla.suse.com/962320
   https://bugzilla.suse.com/963782
   https://bugzilla.suse.com/964411
   https://bugzilla.suse.com/964413
   https://bugzilla.suse.com/967969
   https://bugzilla.suse.com/969121
   https://bugzilla.suse.com/969122
   https://bugzilla.suse.com/969350
   https://bugzilla.suse.com/970036
   https://bugzilla.suse.com/970037
   https://bugzilla.suse.com/975128
   https://bugzilla.suse.com/975136
   https://bugzilla.suse.com/975700
   https://bugzilla.suse.com/976109
   https://bugzilla.suse.com/978158
   https://bugzilla.suse.com/978160
   https://bugzilla.suse.com/980711
   https://bugzilla.suse.com/980723
   https://bugzilla.suse.com/981266

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

opensuse-security＠opensuse.org

tags

participants (1)