SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2015:1782-1)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

qemu was updated to fix several security issues and bugs.

The following vulnerabilities were fixed :

- CVE-2015-5154: Heap-based buffer overflow in the IDE
subsystem in QEMU, when the container has a CDROM drive
enabled, allows local guest users to execute arbitrary
code on the host via unspecified ATAPI commands.
(bsc#938344).

- CVE-2015-5278: QEMU was vulnerable to an infinite loop
issue that could occur when receiving packets over the
network. (bsc#945989)

- CVE-2015-5279: QEMU was vulnerable to a heap buffer
overflow issue that could occur when receiving packets
over the network. (bsc#945987)

- CVE-2015-6855: QEMU was vulnerable to a divide by zero
issue that could occur while executing an IDE command
WIN_READ_NATIVE_MAX to determine the maximum size of a
drive. (bsc#945404)

- CVE-2014-7815: The set_pixel_format function in ui/vnc.c
in QEMU allowed remote attackers to cause a denial of
service (crash) via a small bytes_per_pixel value.
(bsc#902737)

Also these non-security issues were fixed :

- bsc#937572: Fixed dictzip on big endian systems

- bsc#934517: Fix 'info tlb' causes guest to freeze

- bsc#934506: Fix vte monitor console looks empty

- bsc#937125: Fix parsing of scsi-disk wwn uint64 property

- bsc#945778: Drop .probe hooks for DictZip and tar block
drivers

- bsc#937572: Fold common-obj-y -> block-obj-y change into
original patches

- bsc#928308,bsc#944017: Fix virtio-ccw index errors when
initrd gets too large

- bsc#936537: Fix possible qemu-img error when converting
to compressed qcow2 image

- bsc#939216: Fix reboot fail after install using uefi

- bsc#943446: qemu-img convert doesn't create MB aligned
VHDs anymore

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/902737
https://bugzilla.suse.com/928308
https://bugzilla.suse.com/934506
https://bugzilla.suse.com/934517
https://bugzilla.suse.com/936537
https://bugzilla.suse.com/937125
https://bugzilla.suse.com/937572
https://bugzilla.suse.com/938344
https://bugzilla.suse.com/939216
https://bugzilla.suse.com/943446
https://bugzilla.suse.com/944017
https://bugzilla.suse.com/945404
https://bugzilla.suse.com/945778
https://bugzilla.suse.com/945987
https://bugzilla.suse.com/945989
https://www.suse.com/security/cve/CVE-2014-7815.html
https://www.suse.com/security/cve/CVE-2015-5154.html
https://www.suse.com/security/cve/CVE-2015-5278.html
https://www.suse.com/security/cve/CVE-2015-5279.html
https://www.suse.com/security/cve/CVE-2015-6855.html
http://www.nessus.org/u?c01d1067

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2015-715=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2015-715=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 86490

Bugtraq ID: 70998

CVE ID: CVE-2014-7815
CVE-2015-5154
CVE-2015-5278
CVE-2015-5279
CVE-2015-6855
