Security update for qemu

Announcement ID: SUSE-SU-2016:1703-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2015-5745 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2015-7549 ( NVD ): 6.0 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  • CVE-2015-8504 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2015-8558 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2015-8567 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2015-8568 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2015-8613 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2015-8743 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • CVE-2015-8744 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2015-8745 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2015-8817 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2015-8818 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-1568 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • CVE-2016-1568 ( NVD ): 8.5 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
  • CVE-2016-1714 ( NVD ): 8.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
  • CVE-2016-1922 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-1922 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-1981 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-1981 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-2197 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-2198 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-2198 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-2538 ( NVD ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2016-2841 ( NVD ): 6.0 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  • CVE-2016-2857 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
  • CVE-2016-2857 ( NVD ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2016-2858 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2016-2858 ( NVD ): 5.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
  • CVE-2016-3710 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • CVE-2016-3710 ( NVD ): 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • CVE-2016-3712 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-3712 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-4001 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • CVE-2016-4001 ( NVD ): 6.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
  • CVE-2016-4002 ( NVD ): 9.0 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
  • CVE-2016-4020 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2016-4020 ( NVD ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2016-4037 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  • CVE-2016-4037 ( NVD ): 6.0 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  • CVE-2016-4439 ( NVD ): 8.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • CVE-2016-4441 ( NVD ): 6.0 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
  • CVE-2016-4952 ( NVD ): 5.3 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected Products:
  • SUSE Linux Enterprise Desktop 12 SP1
  • SUSE Linux Enterprise Server 12 SP1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1

An update that solves 32 vulnerabilities and has two security fixes can now be installed.

Description:

qemu was updated to fix 29 security issues.

These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711) - CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723) - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation (bsc#981266) - CVE-2015-8817: Avoid OOB access in PCI dma I/O (bsc#969121) - CVE-2015-8818: Avoid OOB access in PCI dma I/O (bsc#969122) - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape (bsc#978158) - CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit (bsc#978160) - CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109) - CVE-2016-2538: Fixed potential OOB access in USB net device emulation (bsc#967969) - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350) - CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number generator (bsc#970036) - CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037) - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic (bsc#975128) - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller (bsc#975136) - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access (bsc#975700) - CVE-2016-2197: Prevent AHCI NULL pointer dereference when using FIS CLB engine (bsc#964411) - CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929). - CVE-2015-7549: PCI null pointer dereferences (bsc#958917). - CVE-2015-8504: VNC floating point exception (bsc#958491). - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS (bsc#959005). - CVE-2015-8567: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386). - CVE-2015-8568: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386). - CVE-2015-8613: Wrong sized memset in megasas command handler (bsc#961358). - CVE-2015-8619: Potential DoS for long HMP sendkey command argument (bsc#960334). - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions (bsc#960725). - CVE-2015-8744: Incorrect l2 header validation could have lead to a crash via assert(2) call (bsc#960835). - CVE-2015-8745: Reading IMR registers could have lead to a crash via assert(2) call (bsc#960708). - CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332). - CVE-2016-1714: Potential OOB memory access in processing firmware configuration (bsc#961691). - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command (bsc#962320). - CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation by malicious privileged user within guest (bsc#963782). - CVE-2016-2198: Malicious privileged guest user were able to cause DoS by writing to read-only EHCI capabilities registers (bsc#964413).

This non-security issue was fixed - bsc#886378: qemu truncates vhd images in virt-rescue

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Desktop 12 SP1
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1007=1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1007=1
  • SUSE Linux Enterprise Server 12 SP1
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1007=1

Package List:

  • SUSE Linux Enterprise Desktop 12 SP1 (x86_64)
    • qemu-block-curl-debuginfo-2.3.1-14.1
    • qemu-debugsource-2.3.1-14.1
    • qemu-kvm-2.3.1-14.1
    • qemu-tools-debuginfo-2.3.1-14.1
    • qemu-block-curl-2.3.1-14.1
    • qemu-2.3.1-14.1
    • qemu-tools-2.3.1-14.1
    • qemu-x86-2.3.1-14.1
  • SUSE Linux Enterprise Desktop 12 SP1 (noarch)
    • qemu-vgabios-1.8.1-14.1
    • qemu-seabios-1.8.1-14.1
    • qemu-ipxe-1.0.0-14.1
    • qemu-sgabios-8-14.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
    • qemu-block-curl-debuginfo-2.3.1-14.1
    • qemu-debugsource-2.3.1-14.1
    • qemu-lang-2.3.1-14.1
    • qemu-tools-debuginfo-2.3.1-14.1
    • qemu-guest-agent-2.3.1-14.1
    • qemu-block-curl-2.3.1-14.1
    • qemu-2.3.1-14.1
    • qemu-tools-2.3.1-14.1
    • qemu-guest-agent-debuginfo-2.3.1-14.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le)
    • qemu-ppc-2.3.1-14.1
    • qemu-ppc-debuginfo-2.3.1-14.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1 (x86_64)
    • qemu-x86-2.3.1-14.1
    • qemu-block-rbd-debuginfo-2.3.1-14.1
    • qemu-block-rbd-2.3.1-14.1
    • qemu-kvm-2.3.1-14.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1 (noarch)
    • qemu-vgabios-1.8.1-14.1
    • qemu-seabios-1.8.1-14.1
    • qemu-ipxe-1.0.0-14.1
    • qemu-sgabios-8-14.1
  • SUSE Linux Enterprise Server 12 SP1 (ppc64le s390x x86_64)
    • qemu-block-curl-debuginfo-2.3.1-14.1
    • qemu-debugsource-2.3.1-14.1
    • qemu-lang-2.3.1-14.1
    • qemu-tools-debuginfo-2.3.1-14.1
    • qemu-guest-agent-2.3.1-14.1
    • qemu-block-curl-2.3.1-14.1
    • qemu-2.3.1-14.1
    • qemu-tools-2.3.1-14.1
    • qemu-guest-agent-debuginfo-2.3.1-14.1
  • SUSE Linux Enterprise Server 12 SP1 (ppc64le)
    • qemu-ppc-2.3.1-14.1
    • qemu-ppc-debuginfo-2.3.1-14.1
  • SUSE Linux Enterprise Server 12 SP1 (s390x x86_64)
    • qemu-kvm-2.3.1-14.1
  • SUSE Linux Enterprise Server 12 SP1 (s390x)
    • qemu-s390-debuginfo-2.3.1-14.1
    • qemu-s390-2.3.1-14.1
  • SUSE Linux Enterprise Server 12 SP1 (x86_64)
    • qemu-x86-2.3.1-14.1
    • qemu-block-rbd-debuginfo-2.3.1-14.1
    • qemu-block-rbd-2.3.1-14.1
  • SUSE Linux Enterprise Server 12 SP1 (noarch)
    • qemu-vgabios-1.8.1-14.1
    • qemu-seabios-1.8.1-14.1
    • qemu-ipxe-1.0.0-14.1
    • qemu-sgabios-8-14.1

References: