Security update for qemu

SUSE Security Update: Security update for qemu
Announcement ID: SUSE-SU-2016:1703-1
Rating: important
References: #886378 #940929 #958491 #958917 #959005 #959386 #960334 #960708 #960725 #960835 #961332 #961333 #961358 #961556 #961691 #962320 #963782 #964411 #964413 #967969 #969121 #969122 #969350 #970036 #970037 #975128 #975136 #975700 #976109 #978158 #978160 #980711 #980723 #981266
Affected Products:
  • SUSE Linux Enterprise Server 12-SP1
  • SUSE Linux Enterprise Desktop 12-SP1
    		•

    An update that solves 32 vulnerabilities and has two fixes is now available.

    Description:

    qemu was updated to fix 29 security issues.

    These security issues were fixed:
    - CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711)
    - CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723)
    - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation (bsc#981266)
    - CVE-2015-8817: Avoid OOB access in PCI dma I/O (bsc#969121)
    - CVE-2015-8818: Avoid OOB access in PCI dma I/O (bsc#969122)
    - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for
    guest escape (bsc#978158)
    - CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit
    (bsc#978160)
    - CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109)
    - CVE-2016-2538: Fixed potential OOB access in USB net device emulation
    (bsc#967969)
    - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350)
    - CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number
    generator (bsc#970036)
    - CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037)
    - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic
    (bsc#975128)
    - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller
    (bsc#975136)
    - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access
    (bsc#975700)
    - CVE-2016-2197: Prevent AHCI NULL pointer dereference when using FIS CLB
    engine (bsc#964411)
    - CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929).
    - CVE-2015-7549: PCI null pointer dereferences (bsc#958917).
    - CVE-2015-8504: VNC floating point exception (bsc#958491).
    - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS
    (bsc#959005).
    - CVE-2015-8567: A guest repeatedly activating a vmxnet3 device can leak
    host memory (bsc#959386).
    - CVE-2015-8568: A guest repeatedly activating a vmxnet3 device can leak
    host memory (bsc#959386).
    - CVE-2015-8613: Wrong sized memset in megasas command handler
    (bsc#961358).
    - CVE-2015-8619: Potential DoS for long HMP sendkey command argument
    (bsc#960334).
    - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions
    (bsc#960725).
    - CVE-2015-8744: Incorrect l2 header validation could have lead to a crash
    via assert(2) call (bsc#960835).
    - CVE-2015-8745: Reading IMR registers could have lead to a crash via
    assert(2) call (bsc#960708).
    - CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332).
    - CVE-2016-1714: Potential OOB memory access in processing firmware
    configuration (bsc#961691).
    - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command
    (bsc#962320).
    - CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation
    by malicious privileged user within guest (bsc#963782).
    - CVE-2016-2198: Malicious privileged guest user were able to cause DoS by
    writing to read-only EHCI capabilities registers (bsc#964413).

    This non-security issue was fixed
    - bsc#886378: qemu truncates vhd images in virt-rescue

    Patch Instructions:

    To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Server 12-SP1:
      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1007=1
    • SUSE Linux Enterprise Desktop 12-SP1:
      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1007=1

    To bring your system up-to-date, use "zypper patch".

    Package List:

    • SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):
      • qemu-2.3.1-14.1
      • qemu-block-curl-2.3.1-14.1
      • qemu-block-curl-debuginfo-2.3.1-14.1
      • qemu-debugsource-2.3.1-14.1
      • qemu-guest-agent-2.3.1-14.1
      • qemu-guest-agent-debuginfo-2.3.1-14.1
      • qemu-lang-2.3.1-14.1
      • qemu-tools-2.3.1-14.1
      • qemu-tools-debuginfo-2.3.1-14.1
    • SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):
      • qemu-kvm-2.3.1-14.1
    • SUSE Linux Enterprise Server 12-SP1 (ppc64le):
      • qemu-ppc-2.3.1-14.1
      • qemu-ppc-debuginfo-2.3.1-14.1
    • SUSE Linux Enterprise Server 12-SP1 (noarch):
      • qemu-ipxe-1.0.0-14.1
      • qemu-seabios-1.8.1-14.1
      • qemu-sgabios-8-14.1
      • qemu-vgabios-1.8.1-14.1
    • SUSE Linux Enterprise Server 12-SP1 (x86_64):
      • qemu-block-rbd-2.3.1-14.1
      • qemu-block-rbd-debuginfo-2.3.1-14.1
      • qemu-x86-2.3.1-14.1
    • SUSE Linux Enterprise Server 12-SP1 (s390x):
      • qemu-s390-2.3.1-14.1
      • qemu-s390-debuginfo-2.3.1-14.1
    • SUSE Linux Enterprise Desktop 12-SP1 (x86_64):
      • qemu-2.3.1-14.1
      • qemu-block-curl-2.3.1-14.1
      • qemu-block-curl-debuginfo-2.3.1-14.1
      • qemu-debugsource-2.3.1-14.1
      • qemu-kvm-2.3.1-14.1
      • qemu-tools-2.3.1-14.1
      • qemu-tools-debuginfo-2.3.1-14.1
      • qemu-x86-2.3.1-14.1
    • SUSE Linux Enterprise Desktop 12-SP1 (noarch):
      • qemu-ipxe-1.0.0-14.1
      • qemu-seabios-1.8.1-14.1
      • qemu-sgabios-8-14.1
      • qemu-vgabios-1.8.1-14.1

    References: