openSUSE Security Update : qemu (openSUSE-2016-252)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update fixes the following security issues :

- Enforce receive packet size, thus eliminating buffer
overflow and potential security issue. (bsc#957162
CVE-2015-7512)

- Infinite loop in processing command block list.
CVE-2015-8345 (bsc#956829) :

This update also fixes a non-security bug :

- Due to space restrictions in limited bios data areas,
don't create mptable if vcpu count is 'high' (ie more
than ~19). (bsc#954864) (No supported guests are
negatively impacted by this change, which is taken from
upstream seabios)

This update was imported from the SUSE:SLE-12-SP1:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=954864
https://bugzilla.opensuse.org/show_bug.cgi?id=956829
https://bugzilla.opensuse.org/show_bug.cgi?id=957162

Solution :

Update the affected qemu packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 88925 ()

Bugtraq ID:

CVE ID: CVE-2015-7512
CVE-2015-8345

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now