openSUSE Security Update : qemu (openSUSE-2016-1451)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for qemu fixes the following issues :

- Patch queue updated from SLE12-SP1

- Change package post script udevadm trigger calls to be
device specific (bsc#1002116)

- Address various security/stability issues

- Fix OOB access in xlnx.xpx-ethernetlite emulation
(CVE-2016-7161 bsc#1001151)

- Fix OOB access in VMware SVGA emulation (CVE-2016-7170

- Fix DOS in USB xHCI emulation (CVE-2016-7466

- Fix DOS in Vmware pv scsi interface (CVE-2016-7421

- Fix DOS in ColdFire Fast Ethernet Controller emulation
(CVE-2016-7908 bsc#1002550)

- Fix DOS in USB xHCI emulation (CVE-2016-8576

- Fix DOS in virtio-9pfs (CVE-2016-8578 bsc#1003894)

- Fix DOS in virtio-9pfs (CVE-2016-9105 bsc#1007494)

- Fix DOS in virtio-9pfs (CVE-2016-8577 bsc#1003893)

- Plug data leak in virtio-9pfs interface (CVE-2016-9103

- Fix DOS in virtio-9pfs interface (CVE-2016-9102

- Fix DOS in virtio-9pfs (CVE-2016-9106 bsc#1007495)

- Fix DOS in 16550A UART emulation (CVE-2016-8669

- Fix DOS in PC-Net II emulation (CVE-2016-7909

- Fix DOS in PRO100 emulation (CVE-2016-9101 bsc#1007391)

- Fix DOS in RTL8139 emulation (CVE-2016-8910 bsc#1006538)

- Fix DOS in Intel HDA controller emulation (CVE-2016-8909

- Fix DOS in virtio-9pfs (CVE-2016-9104 bsc#1007493)

- Fix DOS in JAZZ RC4030 emulation (CVE-2016-8667

- Fix case of disk corruption with migration due to
improper internal state tracking (bsc#996524)

This update was imported from the SUSE:SLE-12-SP1:Update update

See also :

Solution :

Update the affected qemu packages.

Risk factor :

Critical / CVSS Base Score : 10.0

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now