openSUSE Security Update : qemu (openSUSE-2017-589)

critical Nessus Plugin ID 100232

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for qemu fixes several issues.

These security issues were fixed :

 - CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024972)

 - CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004)

 - CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1023053)

 - CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013285)

 - CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014111)

 - CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a memory leakage flaw when destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could have used this issue to leak host memory, resulting in DoS for a host (bsc#1014109)

 - CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702)

 - CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702)

 - CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021129)

 - CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020589)

 - CVE-2017-5525: The ac97 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020491)

 - CVE-2017-5667: The SDHCI device emulation support was vulnerable to an OOB heap access issue allowing a privileged user inside the guest to crash the Qemu process resulting in DoS or potentially execute arbitrary code with privileges of the Qemu process on the host (bsc#1022541)

 - CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow allowing a privileged user inside the guest to crash the Qemu process resulting in DoS (bnc#1023907)

These non-security issues were fixed :

 - Fix post script for qemu-guest-agent rpm to actually activate the guest agent at rpm install time

 - Fixed various inaccuracies in cirrus vga device emulation

 - Fixed cause of infrequent migration failures from bad virtio device state (bsc#1020928)

 - Fixed virtio interface failure (bsc#1015048)

 - Fixed graphical update errors introduced by previous security fix (bsc#1016779)

 - Fixed uint64 property parsing and add regression tests (bsc#937125)

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Solution

Update the affected qemu packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1015169

https://bugzilla.opensuse.org/show_bug.cgi?id=1023004

https://bugzilla.opensuse.org/show_bug.cgi?id=1013285

https://bugzilla.opensuse.org/show_bug.cgi?id=1014109

https://bugzilla.opensuse.org/show_bug.cgi?id=1014111

https://bugzilla.opensuse.org/show_bug.cgi?id=1016779

https://bugzilla.opensuse.org/show_bug.cgi?id=937125

https://bugzilla.opensuse.org/show_bug.cgi?id=1014702

https://bugzilla.opensuse.org/show_bug.cgi?id=1015048

https://bugzilla.opensuse.org/show_bug.cgi?id=1020491

https://bugzilla.opensuse.org/show_bug.cgi?id=1020589

https://bugzilla.opensuse.org/show_bug.cgi?id=1020928

https://bugzilla.opensuse.org/show_bug.cgi?id=1021129

https://bugzilla.opensuse.org/show_bug.cgi?id=1022541

https://bugzilla.opensuse.org/show_bug.cgi?id=1023053

https://bugzilla.opensuse.org/show_bug.cgi?id=1023907

https://bugzilla.opensuse.org/show_bug.cgi?id=1024972

Plugin Details

Severity: Critical

ID: 100232

File Name: openSUSE-2017-589.nasl

Version: 3.9

Type: local

Agent: unix

Published: 5/17/2017

Updated: 6/3/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: High

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:2.3:o:novell:opensuse:42.1:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-arm:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-arm-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-block-curl:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-block-curl-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-block-rbd:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-block-rbd-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-debugsource:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-extra:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-extra-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-guest-agent:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-guest-agent-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-ipxe:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-kvm:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-lang:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-linux-user:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-linux-user-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-linux-user-debugsource:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-ppc:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-ppc-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-s390:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-s390-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-seabios:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-sgabios:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-testsuite:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-tools:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-tools-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-vgabios:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-x86:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:opensuse:qemu-x86-debuginfo:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 5/16/2017

Reference Information

CVE: CVE-2017-5898, CVE-2016-10155, CVE-2016-9776, CVE-2016-9907, CVE-2016-9911, CVE-2016-9921, CVE-2016-9922, CVE-2017-2615, CVE-2017-2620, CVE-2017-5856, CVE-2017-5667, CVE-2017-5525, CVE-2017-5526

IAVB: 2017-B-0024-S