openSUSE Security Update: QEMU accumulated security and maintenance updates ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0200-1 Rating: low References: #779727 #840607 #842006 #849587 Cross-References: CVE-2013-4344 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. Description: Running QEMU in a configuration with more than 256 emulated SCSI devices attached could have caused a buffer overflow when the guest issues a REPORT LUNS command. Fix this as part of upgrading to the latest stable version on 13.1. Also fix unintentional building against gtk2 rather than gtk3 on 13.1, and fix serial retry logic on 12.3. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-111 - openSUSE 12.3: zypper in -t patch openSUSE-2014-111 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): qemu-1.6.2-4.5.1 qemu-debuginfo-1.6.2-4.5.1 qemu-debugsource-1.6.2-4.5.1 qemu-guest-agent-1.6.2-4.5.1 qemu-guest-agent-debuginfo-1.6.2-4.5.1 qemu-lang-1.6.2-4.5.1 qemu-linux-user-1.6.2-4.5.1 qemu-linux-user-debuginfo-1.6.2-4.5.1 qemu-linux-user-debugsource-1.6.2-4.5.1 qemu-tools-1.6.2-4.5.1 qemu-tools-debuginfo-1.6.2-4.5.1 - openSUSE 13.1 (noarch): qemu-ipxe-1.0.0-4.5.1 qemu-seabios-1.7.2.2-4.5.1 qemu-sgabios-8-4.5.1 qemu-vgabios-0.6c-4.5.1 - openSUSE 12.3 (i586 x86_64): qemu-1.3.1-3.8.1 qemu-debuginfo-1.3.1-3.8.1 qemu-debugsource-1.3.1-3.8.1 qemu-guest-agent-1.3.1-3.8.1 qemu-guest-agent-debuginfo-1.3.1-3.8.1 qemu-linux-user-1.3.1-3.8.1 qemu-linux-user-debuginfo-1.3.1-3.8.1 qemu-tools-1.3.1-3.8.1 qemu-tools-debuginfo-1.3.1-3.8.1 References: http://support.novell.com/security/cve/CVE-2013-4344.html https://bugzilla.novell.com/779727 https://bugzilla.novell.com/840607 https://bugzilla.novell.com/842006 https://bugzilla.novell.com/849587