Detections
Analytics

openSUSE Security Update : qemu (openSUSE-2016-1451)

critical Nessus Plugin ID 95757

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for qemu fixes the following issues :

 - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE12-SP1

 - Change package post script udevadm trigger calls to be device specific (bsc#1002116)

 - Address various security/stability issues

 - Fix OOB access in xlnx.xpx-ethernetlite emulation (CVE-2016-7161 bsc#1001151)

 - Fix OOB access in VMware SVGA emulation (CVE-2016-7170 bsc#998516)

 - Fix DOS in USB xHCI emulation (CVE-2016-7466 bsc#1000345)

 - Fix DOS in Vmware pv scsi interface (CVE-2016-7421 bsc#999661)

 - Fix DOS in ColdFire Fast Ethernet Controller emulation (CVE-2016-7908 bsc#1002550)

 - Fix DOS in USB xHCI emulation (CVE-2016-8576 bsc#1003878)

 - Fix DOS in virtio-9pfs (CVE-2016-8578 bsc#1003894)

 - Fix DOS in virtio-9pfs (CVE-2016-9105 bsc#1007494)

 - Fix DOS in virtio-9pfs (CVE-2016-8577 bsc#1003893)

 - Plug data leak in virtio-9pfs interface (CVE-2016-9103 bsc#1007454)

 - Fix DOS in virtio-9pfs interface (CVE-2016-9102 bsc#1007450)

 - Fix DOS in virtio-9pfs (CVE-2016-9106 bsc#1007495)

 - Fix DOS in 16550A UART emulation (CVE-2016-8669 bsc#1004707)

 - Fix DOS in PC-Net II emulation (CVE-2016-7909 bsc#1002557)

 - Fix DOS in PRO100 emulation (CVE-2016-9101 bsc#1007391)

 - Fix DOS in RTL8139 emulation (CVE-2016-8910 bsc#1006538)

 - Fix DOS in Intel HDA controller emulation (CVE-2016-8909 bsc#1006536)

 - Fix DOS in virtio-9pfs (CVE-2016-9104 bsc#1007493)

 - Fix DOS in JAZZ RC4030 emulation (CVE-2016-8667 bsc#1004702)

 - Fix case of disk corruption with migration due to improper internal state tracking (bsc#996524)

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Solution

Update the affected qemu packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1000345

https://bugzilla.opensuse.org/show_bug.cgi?id=1001151

https://bugzilla.opensuse.org/show_bug.cgi?id=1002116

https://bugzilla.opensuse.org/show_bug.cgi?id=1002550

https://bugzilla.opensuse.org/show_bug.cgi?id=1002557

https://bugzilla.opensuse.org/show_bug.cgi?id=1003878

https://bugzilla.opensuse.org/show_bug.cgi?id=1003893

https://bugzilla.opensuse.org/show_bug.cgi?id=1003894

https://bugzilla.opensuse.org/show_bug.cgi?id=1004702

https://bugzilla.opensuse.org/show_bug.cgi?id=1004707

https://bugzilla.opensuse.org/show_bug.cgi?id=1006536

https://bugzilla.opensuse.org/show_bug.cgi?id=1006538

https://bugzilla.opensuse.org/show_bug.cgi?id=1007391

https://bugzilla.opensuse.org/show_bug.cgi?id=1007450

https://bugzilla.opensuse.org/show_bug.cgi?id=1007454

https://bugzilla.opensuse.org/show_bug.cgi?id=1007493

https://bugzilla.opensuse.org/show_bug.cgi?id=1007494

https://bugzilla.opensuse.org/show_bug.cgi?id=1007495

https://bugzilla.opensuse.org/show_bug.cgi?id=996524

https://bugzilla.opensuse.org/show_bug.cgi?id=998516

https://bugzilla.opensuse.org/show_bug.cgi?id=999661

https://gitlab.suse.de/virtualization/qemu.git

Plugin Details

Severity: Critical

ID: 95757

File Name: openSUSE-2016-1451.nasl

Version: 3.3

Type: local

Agent: unix

Published: 12/13/2016

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-rbd, p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo, p-cpe:/a:novell:opensuse:qemu-debugsource, p-cpe:/a:novell:opensuse:qemu-extra, p-cpe:/a:novell:opensuse:qemu-extra-debuginfo, p-cpe:/a:novell:opensuse:qemu-guest-agent, p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo, p-cpe:/a:novell:opensuse:qemu-ipxe, p-cpe:/a:novell:opensuse:qemu-kvm, p-cpe:/a:novell:opensuse:qemu-lang, p-cpe:/a:novell:opensuse:qemu-linux-user, p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo, p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource, p-cpe:/a:novell:opensuse:qemu-ppc, p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo, p-cpe:/a:novell:opensuse:qemu-s390, p-cpe:/a:novell:opensuse:qemu-s390-debuginfo, p-cpe:/a:novell:opensuse:qemu-seabios, p-cpe:/a:novell:opensuse:qemu-sgabios, p-cpe:/a:novell:opensuse:qemu-testsuite, p-cpe:/a:novell:opensuse:qemu-tools, p-cpe:/a:novell:opensuse:qemu-tools-debuginfo, p-cpe:/a:novell:opensuse:qemu-vgabios, p-cpe:/a:novell:opensuse:qemu-x86, p-cpe:/a:novell:opensuse:qemu-x86-debuginfo, cpe:/o:novell:opensuse:42.1, p-cpe:/a:novell:opensuse:qemu, p-cpe:/a:novell:opensuse:qemu-arm, p-cpe:/a:novell:opensuse:qemu-arm-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-curl

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 12/12/2016

Reference Information

CVE: CVE-2016-7161, CVE-2016-7170, CVE-2016-7421, CVE-2016-7466, CVE-2016-7908, CVE-2016-7909, CVE-2016-8576, CVE-2016-8577, CVE-2016-8578, CVE-2016-8667, CVE-2016-8669, CVE-2016-8909, CVE-2016-8910, CVE-2016-9101, CVE-2016-9102, CVE-2016-9103, CVE-2016-9104, CVE-2016-9105, CVE-2016-9106