openSUSE Security Update : qemu (openSUSE-2016-1451)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for qemu fixes the following issues :

- Patch queue updated from
https://gitlab.suse.de/virtualization/qemu.git SLE12-SP1

- Change package post script udevadm trigger calls to be
device specific (bsc#1002116)

- Address various security/stability issues

- Fix OOB access in xlnx.xpx-ethernetlite emulation
(CVE-2016-7161 bsc#1001151)

- Fix OOB access in VMware SVGA emulation (CVE-2016-7170
bsc#998516)

- Fix DOS in USB xHCI emulation (CVE-2016-7466
bsc#1000345)

- Fix DOS in Vmware pv scsi interface (CVE-2016-7421
bsc#999661)

- Fix DOS in ColdFire Fast Ethernet Controller emulation
(CVE-2016-7908 bsc#1002550)

- Fix DOS in USB xHCI emulation (CVE-2016-8576
bsc#1003878)

- Fix DOS in virtio-9pfs (CVE-2016-8578 bsc#1003894)

- Fix DOS in virtio-9pfs (CVE-2016-9105 bsc#1007494)

- Fix DOS in virtio-9pfs (CVE-2016-8577 bsc#1003893)

- Plug data leak in virtio-9pfs interface (CVE-2016-9103
bsc#1007454)

- Fix DOS in virtio-9pfs interface (CVE-2016-9102
bsc#1007450)

- Fix DOS in virtio-9pfs (CVE-2016-9106 bsc#1007495)

- Fix DOS in 16550A UART emulation (CVE-2016-8669
bsc#1004707)

- Fix DOS in PC-Net II emulation (CVE-2016-7909
bsc#1002557)

- Fix DOS in PRO100 emulation (CVE-2016-9101 bsc#1007391)

- Fix DOS in RTL8139 emulation (CVE-2016-8910 bsc#1006538)

- Fix DOS in Intel HDA controller emulation (CVE-2016-8909
bsc#1006536)

- Fix DOS in virtio-9pfs (CVE-2016-9104 bsc#1007493)

- Fix DOS in JAZZ RC4030 emulation (CVE-2016-8667
bsc#1004702)

- Fix case of disk corruption with migration due to
improper internal state tracking (bsc#996524)

This update was imported from the SUSE:SLE-12-SP1:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1000345
https://bugzilla.opensuse.org/show_bug.cgi?id=1001151
https://bugzilla.opensuse.org/show_bug.cgi?id=1002116
https://bugzilla.opensuse.org/show_bug.cgi?id=1002550
https://bugzilla.opensuse.org/show_bug.cgi?id=1002557
https://bugzilla.opensuse.org/show_bug.cgi?id=1003878
https://bugzilla.opensuse.org/show_bug.cgi?id=1003893
https://bugzilla.opensuse.org/show_bug.cgi?id=1003894
https://bugzilla.opensuse.org/show_bug.cgi?id=1004702
https://bugzilla.opensuse.org/show_bug.cgi?id=1004707
https://bugzilla.opensuse.org/show_bug.cgi?id=1006536
https://bugzilla.opensuse.org/show_bug.cgi?id=1006538
https://bugzilla.opensuse.org/show_bug.cgi?id=1007391
https://bugzilla.opensuse.org/show_bug.cgi?id=1007450
https://bugzilla.opensuse.org/show_bug.cgi?id=1007454
https://bugzilla.opensuse.org/show_bug.cgi?id=1007493
https://bugzilla.opensuse.org/show_bug.cgi?id=1007494
https://bugzilla.opensuse.org/show_bug.cgi?id=1007495
https://bugzilla.opensuse.org/show_bug.cgi?id=996524
https://bugzilla.opensuse.org/show_bug.cgi?id=998516
https://bugzilla.opensuse.org/show_bug.cgi?id=999661
https://gitlab.suse.de/virtualization/qemu.git

Solution :

Update the affected qemu packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now