openSUSE Security Update : qemu (openSUSE-2017-1072)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for qemu fixes the following issues :

Security issues fixed :

- CVE-2017-10664: Fix DoS vulnerability in qemu-nbd (bsc#1046636)

- CVE-2017-10806: Fix DoS from stack overflow in debug messages of USB redirection support (bsc#1047674)

- CVE-2017-11334: Fix OOB access during DMA operation (bsc#1048902)

- CVE-2017-11434: Fix OOB access parsing DHCP slirp options (bsc#1049381)

The following non-security issues were fixed :

- Postrequire acl for setfacl

- Prerequire shadow for groupadd

- The recent security fix for CVE-2017-11334 adversely
affects Xen. Include two additional patches to make sure
Xen is going to be OK.

- Pre-add group kvm for qemu-tools (bsc#1011144)

- Fixed a few more inaccuracies in the support docs.

- Fix support docs to indicate ARM64 is now fully L3
supported in SLES 12 SP3. Apply a few additional
clarifications in the support docs. (bsc#1050268)

- Adjust to libvdeplug-devel package naming changes.

- Fix migration with xhci (bsc#1048296)

- Increase VNC delay to fix missing keyboard input events
(bsc#1031692)

- Remove build dependency package iasl used for seabios

This update was imported from the SUSE:SLE-12-SP3:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1011144
https://bugzilla.opensuse.org/show_bug.cgi?id=1031692
https://bugzilla.opensuse.org/show_bug.cgi?id=1046636
https://bugzilla.opensuse.org/show_bug.cgi?id=1047674
https://bugzilla.opensuse.org/show_bug.cgi?id=1048296
https://bugzilla.opensuse.org/show_bug.cgi?id=1048902
https://bugzilla.opensuse.org/show_bug.cgi?id=1049381
https://bugzilla.opensuse.org/show_bug.cgi?id=1050268

Solution :

Update the affected qemu packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 103292

Bugtraq ID:

CVE ID: CVE-2017-10664
CVE-2017-10806
CVE-2017-11334
CVE-2017-11434
