openSUSE Security Update : qemu (openSUSE-2017-1072)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for qemu fixes the following issues :

Security issues fixed :

- CVE-2017-10664: Fix DOS vulnerability in qemu-nbd

- CVE-2017-10806: Fix DOS from stack overflow in debug
messages of usb redirection support (bsc#1047674)

- CVE-2017-11334: Fix OOB access during DMA operation

- CVE-2017-11434: Fix OOB access parsing dhcp slirp
options (bsc#1049381)

Following non-security issues were fixed :

- Postrequire acl for setfacl

- Prerequire shadow for groupadd

- The recent security fix for CVE-2017-11334 adversely
affects Xen. Include two additional patches to make sure
Xen is going to be OK.

- Pre-add group kvm for qemu-tools (bsc#1011144)

- Fixed a few more inaccuracies in the support docs.

- Fix support docs to indicate ARM64 is now fully L3
supported in SLES 12 SP3. Apply a few additional
clarifications in the support docs. (bsc#1050268)

- Adjust to libvdeplug-devel package naming changes.

- Fix migration with xhci (bsc#1048296)

- Increase VNC delay to fix missing keyboard input events

- Remove build dependency package iasl used for seabios

This update was imported from the SUSE:SLE-12-SP3:Update update

See also :

Solution :

Update the affected qemu packages.

Risk factor :

Medium / CVSS Base Score : 5.0

Family: SuSE Local Security Checks

Nessus Plugin ID: 103292 ()

Bugtraq ID:

CVE ID: CVE-2017-10664

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now