openSUSE Security Update : qemu (openSUSE-2016-839)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

qemu was updated to fix 29 security issues.

These security issues were fixed :

- CVE-2016-4439: Avoid OOB access in 53C9X emulation

- CVE-2016-4441: Avoid OOB access in 53C9X emulation

- CVE-2016-4952: Avoid OOB access in VMware PV SCSI
emulation (bsc#981266)

- CVE-2015-8817: Avoid OOB access in PCI DMA I/O

- CVE-2015-8818: Avoid OOB access in PCI DMA I/O

- CVE-2016-3710: Fixed VGA emulation based OOB access with
potential for guest escape (bsc#978158)

- CVE-2016-3712: Fixed VGA emulation based DoS and OOB
read access exploit (bsc#978160)

- CVE-2016-4037: Fixed USB EHCI-based DoS (bsc#976109)

- CVE-2016-2538: Fixed potential OOB access in USB net
device emulation (bsc#967969)

- CVE-2016-2841: Fixed OOB access / hang in ne2000
emulation (bsc#969350)

- CVE-2016-2858: Avoid potential DoS when using QEMU
pseudo random number generator (bsc#970036)

- CVE-2016-2857: Fixed OOB access when processing IP
checksums (bsc#970037)

- CVE-2016-4001: Fixed OOB access in Stellaris enet
emulated nic (bsc#975128)

- CVE-2016-4002: Fixed OOB access in MIPSnet emulated
controller (bsc#975136)

- CVE-2016-4020: Fixed possible host data leakage to guest
from TPR access (bsc#975700)

- CVE-2016-2197: Prevent AHCI NULL pointer dereference
when using FIS CLB engine (bsc#964411)

- CVE-2015-5745: Buffer overflow in virtio-serial

- CVE-2015-7549: PCI NULL pointer dereferences

- CVE-2015-8504: VNC floating point exception

- CVE-2015-8558: Infinite loop in ehci_advance_state
resulting in DoS (bsc#959005).

- CVE-2015-8567: A guest repeatedly activating a vmxnet3
device can leak host memory (bsc#959386).

- CVE-2015-8568: A guest repeatedly activating a vmxnet3
device can leak host memory (bsc#959386).

- CVE-2015-8613: Wrong sized memset in megasas command
handler (bsc#961358).

- CVE-2015-8619: Potential DoS for long HMP sendkey
command argument (bsc#960334).

- CVE-2015-8743: OOB memory access in ne2000 ioport r/w
functions (bsc#960725).

- CVE-2015-8744: Incorrect l2 header validation could have
led to a crash via assert(2) call (bsc#960835).

- CVE-2015-8745: Reading IMR registers could have led to
a crash via assert(2) call (bsc#960708).

- CVE-2016-1568: AHCI use-after-free in aio port commands

- CVE-2016-1714: Potential OOB memory access in processing
firmware configuration (bsc#961691).

- CVE-2016-1922: NULL pointer dereference when processing
HMP i/o command (bsc#962320).

- CVE-2016-1981: Potential DoS (infinite loop) in e1000
device emulation by malicious privileged user within
guest (bsc#963782).

- CVE-2016-2198: A malicious privileged guest user was able
to cause DoS by writing to read-only EHCI capabilities
registers (bsc#964413).

This non-security issue was fixed :

- bsc#886378: qemu truncates vhd images in virt-rescue

This update was imported from the SUSE:SLE-12-SP1:Update update

Solution :

Update the affected qemu packages.

Risk factor :

High / CVSS Base Score : 9.3