Security update for qemu

Announcement ID:	SUSE-SU-2015:1782-1
Rating:	important
References:	bsc#902737 bsc#928308 bsc#934506 bsc#934517 bsc#936537 bsc#937125 bsc#937572 bsc#938344 bsc#939216 bsc#943446 bsc#944017 bsc#945404 bsc#945778 bsc#945987 bsc#945989
Cross-References:	CVE-2014-7815 CVE-2015-5154 CVE-2015-5278 CVE-2015-5279 CVE-2015-6855
CVSS scores:	CVE-2015-5278 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12

An update that solves five vulnerabilities and has 10 security fixes can now be installed.

Description:

qemu was updated to fix several security issues and bugs.

The following vulnerabilities were fixed: - CVE-2015-5154: Heap-based buffer overflow in the IDE subsystem in QEMU, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands. (bsc#938344). - CVE-2015-5278: QEMU was vulnerable to an infinite loop issue that could occur when receiving packets over the network. (bsc#945989) - CVE-2015-5279: QEMU was vulnerable to a heap buffer overflow issue that could occur when receiving packets over the network. (bsc#945987) - CVE-2015-6855: QEMU was vulnerable to a divide by zero issue that could occur while executing an IDE command WIN_READ_NATIVE_MAX to determine the maximum size of a drive. (bsc#945404) - CVE-2014-7815: The set_pixel_format function in ui/vnc.c in QEMU allowed remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. (bsc#902737):

Also these non-security issues were fixed: - bsc#937572: Fixed dictzip on big endian systems - bsc#934517: Fix 'info tlb' causes guest to freeze - bsc#934506: Fix vte monitor consol looks empy - bsc#937125: Fix parsing of scsi-disk wwn uint64 property - bsc#945778: Drop .probe hooks for DictZip and tar block drivers - bsc#937572: Fold common-obj-y -> block-obj-y change into original patches - bsc#928308,bsc#944017: Fix virtio-ccw index errors when initrd gets too large - bsc#936537: Fix possible qemu-img error when converting to compressed qcow2 image - bsc#939216: Fix reboot fail after install using uefi - bsc#943446: qemu-img convert doesn't create MB aligned VHDs anymore

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-715=1
• SUSE Linux Enterprise Server 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-715=1
• SUSE Linux Enterprise Server for SAP Applications 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-715=1

Package List:

• SUSE Linux Enterprise Desktop 12 (x86_64)
  • qemu-block-curl-debuginfo-2.0.2-48.9.1
  • qemu-2.0.2-48.9.1
  • qemu-x86-debuginfo-2.0.2-48.9.1
  • qemu-x86-2.0.2-48.9.1
  • qemu-kvm-2.0.2-48.9.1
  • qemu-block-curl-2.0.2-48.9.1
  • qemu-tools-2.0.2-48.9.1
  • qemu-tools-debuginfo-2.0.2-48.9.1
  • qemu-debugsource-2.0.2-48.9.1
• SUSE Linux Enterprise Desktop 12 (noarch)
  • qemu-sgabios-8-48.9.1
  • qemu-seabios-1.7.4-48.9.1
  • qemu-ipxe-1.0.0-48.9.1
  • qemu-vgabios-1.7.4-48.9.1
• SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64)
  • qemu-block-curl-debuginfo-2.0.2-48.9.1
  • qemu-2.0.2-48.9.1
  • qemu-block-curl-2.0.2-48.9.1
  • qemu-lang-2.0.2-48.9.1
  • qemu-tools-2.0.2-48.9.1
  • qemu-tools-debuginfo-2.0.2-48.9.1
  • qemu-guest-agent-2.0.2-48.9.1
  • qemu-debugsource-2.0.2-48.9.1
  • qemu-guest-agent-debuginfo-2.0.2-48.9.1
• SUSE Linux Enterprise Server 12 (ppc64le)
  • qemu-ppc-debuginfo-2.0.2-48.9.1
  • qemu-ppc-2.0.2-48.9.1
• SUSE Linux Enterprise Server 12 (s390x x86_64)
  • qemu-kvm-2.0.2-48.9.1
• SUSE Linux Enterprise Server 12 (s390x)
  • qemu-s390-2.0.2-48.9.1
  • qemu-s390-debuginfo-2.0.2-48.9.1
• SUSE Linux Enterprise Server 12 (x86_64)
  • qemu-x86-debuginfo-2.0.2-48.9.1
  • qemu-block-rbd-2.0.2-48.9.1
  • qemu-block-rbd-debuginfo-2.0.2-48.9.1
  • qemu-x86-2.0.2-48.9.1
• SUSE Linux Enterprise Server 12 (noarch)
  • qemu-sgabios-8-48.9.1
  • qemu-seabios-1.7.4-48.9.1
  • qemu-ipxe-1.0.0-48.9.1
  • qemu-vgabios-1.7.4-48.9.1
• SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
  • qemu-block-curl-debuginfo-2.0.2-48.9.1
  • qemu-2.0.2-48.9.1
  • qemu-block-rbd-debuginfo-2.0.2-48.9.1
  • qemu-x86-debuginfo-2.0.2-48.9.1
  • qemu-x86-2.0.2-48.9.1
  • qemu-block-curl-2.0.2-48.9.1
  • qemu-kvm-2.0.2-48.9.1
  • qemu-lang-2.0.2-48.9.1
  • qemu-tools-2.0.2-48.9.1
  • qemu-tools-debuginfo-2.0.2-48.9.1
  • qemu-guest-agent-2.0.2-48.9.1
  • qemu-debugsource-2.0.2-48.9.1
  • qemu-block-rbd-2.0.2-48.9.1
  • qemu-guest-agent-debuginfo-2.0.2-48.9.1
• SUSE Linux Enterprise Server for SAP Applications 12 (noarch)
  • qemu-sgabios-8-48.9.1
  • qemu-seabios-1.7.4-48.9.1
  • qemu-ipxe-1.0.0-48.9.1
  • qemu-vgabios-1.7.4-48.9.1

References:

• https://www.suse.com/security/cve/CVE-2014-7815.html
• https://www.suse.com/security/cve/CVE-2015-5154.html
• https://www.suse.com/security/cve/CVE-2015-5278.html
• https://www.suse.com/security/cve/CVE-2015-5279.html
• https://www.suse.com/security/cve/CVE-2015-6855.html
• https://bugzilla.suse.com/show_bug.cgi?id=902737
• https://bugzilla.suse.com/show_bug.cgi?id=928308
• https://bugzilla.suse.com/show_bug.cgi?id=934506
• https://bugzilla.suse.com/show_bug.cgi?id=934517
• https://bugzilla.suse.com/show_bug.cgi?id=936537
• https://bugzilla.suse.com/show_bug.cgi?id=937125
• https://bugzilla.suse.com/show_bug.cgi?id=937572
• https://bugzilla.suse.com/show_bug.cgi?id=938344
• https://bugzilla.suse.com/show_bug.cgi?id=939216
• https://bugzilla.suse.com/show_bug.cgi?id=943446
• https://bugzilla.suse.com/show_bug.cgi?id=944017
• https://bugzilla.suse.com/show_bug.cgi?id=945404
• https://bugzilla.suse.com/show_bug.cgi?id=945778
• https://bugzilla.suse.com/show_bug.cgi?id=945987
• https://bugzilla.suse.com/show_bug.cgi?id=945989