openSUSE Security Update : qemu (openSUSE-2016-839)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

qemu was updated to fix 29 security issues.

These security issues were fixed :

- CVE-2016-4439: Avoid OOB access in 53C9X emulation
(bsc#980711)

- CVE-2016-4441: Avoid OOB access in 53C9X emulation
(bsc#980723)

- CVE-2016-4952: Avoid OOB access in VMware PV SCSI
emulation (bsc#981266)

- CVE-2015-8817: Avoid OOB access in PCI DMA I/O
(bsc#969121)

- CVE-2015-8818: Avoid OOB access in PCI DMA I/O
(bsc#969122)

- CVE-2016-3710: Fixed VGA emulation based OOB access with
potential for guest escape (bsc#978158)

- CVE-2016-3712: Fixed VGA emulation based DoS and OOB
read access exploit (bsc#978160)

- CVE-2016-4037: Fixed USB EHCI based DoS (bsc#976109)

- CVE-2016-2538: Fixed potential OOB access in USB net
device emulation (bsc#967969)

- CVE-2016-2841: Fixed OOB access / hang in ne2000
emulation (bsc#969350)

- CVE-2016-2858: Avoid potential DoS when using QEMU
pseudo random number generator (bsc#970036)

- CVE-2016-2857: Fixed OOB access when processing IP
checksums (bsc#970037)

- CVE-2016-4001: Fixed OOB access in Stellaris enet
emulated NIC (bsc#975128)

- CVE-2016-4002: Fixed OOB access in MIPSnet emulated
controller (bsc#975136)

- CVE-2016-4020: Fixed possible host data leakage to guest
from TPR access (bsc#975700)

- CVE-2016-2197: Prevent AHCI NULL pointer dereference
when using FIS CLB engine (bsc#964411)

- CVE-2015-5745: Buffer overflow in virtio-serial
(bsc#940929).

- CVE-2015-7549: PCI NULL pointer dereferences
(bsc#958917).

- CVE-2015-8504: VNC floating point exception
(bsc#958491).

- CVE-2015-8558: Infinite loop in ehci_advance_state
resulting in DoS (bsc#959005).

- CVE-2015-8567: A guest repeatedly activating a vmxnet3
device can leak host memory (bsc#959386).

- CVE-2015-8568: A guest repeatedly activating a vmxnet3
device can leak host memory (bsc#959386).

- CVE-2015-8613: Wrong sized memset in megasas command
handler (bsc#961358).

- CVE-2015-8619: Potential DoS for long HMP sendkey
command argument (bsc#960334).

- CVE-2015-8743: OOB memory access in ne2000 ioport r/w
functions (bsc#960725).

- CVE-2015-8744: Incorrect L2 header validation could have
led to a crash via assert(2) call (bsc#960835).

- CVE-2015-8745: Reading IMR registers could have led to
a crash via assert(2) call (bsc#960708).

- CVE-2016-1568: AHCI use-after-free in aio port commands
(bsc#961332).

- CVE-2016-1714: Potential OOB memory access in processing
firmware configuration (bsc#961691).

- CVE-2016-1922: NULL pointer dereference when processing
hmp i/o command (bsc#962320).

- CVE-2016-1981: Potential DoS (infinite loop) in e1000
device emulation by malicious privileged user within
guest (bsc#963782).

- CVE-2016-2198: A malicious privileged guest user was able
to cause DoS by writing to read-only EHCI capabilities
registers (bsc#964413).

This non-security issue was fixed :

- bsc#886378: qemu truncates vhd images in virt-rescue

This update was imported from the SUSE:SLE-12-SP1:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=886378
https://bugzilla.opensuse.org/show_bug.cgi?id=940929
https://bugzilla.opensuse.org/show_bug.cgi?id=958491
https://bugzilla.opensuse.org/show_bug.cgi?id=958917
https://bugzilla.opensuse.org/show_bug.cgi?id=959005
https://bugzilla.opensuse.org/show_bug.cgi?id=959386
https://bugzilla.opensuse.org/show_bug.cgi?id=960334
https://bugzilla.opensuse.org/show_bug.cgi?id=960708
https://bugzilla.opensuse.org/show_bug.cgi?id=960725
https://bugzilla.opensuse.org/show_bug.cgi?id=960835
https://bugzilla.opensuse.org/show_bug.cgi?id=961332
https://bugzilla.opensuse.org/show_bug.cgi?id=961333
https://bugzilla.opensuse.org/show_bug.cgi?id=961358
https://bugzilla.opensuse.org/show_bug.cgi?id=961556
https://bugzilla.opensuse.org/show_bug.cgi?id=961691
https://bugzilla.opensuse.org/show_bug.cgi?id=962320
https://bugzilla.opensuse.org/show_bug.cgi?id=963782
https://bugzilla.opensuse.org/show_bug.cgi?id=964411
https://bugzilla.opensuse.org/show_bug.cgi?id=964413
https://bugzilla.opensuse.org/show_bug.cgi?id=967969
https://bugzilla.opensuse.org/show_bug.cgi?id=969121
https://bugzilla.opensuse.org/show_bug.cgi?id=969122
https://bugzilla.opensuse.org/show_bug.cgi?id=969350
https://bugzilla.opensuse.org/show_bug.cgi?id=970036
https://bugzilla.opensuse.org/show_bug.cgi?id=970037
https://bugzilla.opensuse.org/show_bug.cgi?id=975128
https://bugzilla.opensuse.org/show_bug.cgi?id=975136
https://bugzilla.opensuse.org/show_bug.cgi?id=975700
https://bugzilla.opensuse.org/show_bug.cgi?id=976109
https://bugzilla.opensuse.org/show_bug.cgi?id=978158
https://bugzilla.opensuse.org/show_bug.cgi?id=978160
https://bugzilla.opensuse.org/show_bug.cgi?id=980711
https://bugzilla.opensuse.org/show_bug.cgi?id=980723
https://bugzilla.opensuse.org/show_bug.cgi?id=981266

Solution :

Update the affected qemu packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)