openSUSE Security Update : qemu (openSUSE-2017-1072)

Medium Nessus Plugin ID 103292


VPR Score: 5.1

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2017-10664: Fix DoS vulnerability in qemu-nbd (bsc#1046636)

- CVE-2017-10806: Fix DoS from stack overflow in debug messages of USB redirection support (bsc#1047674)

- CVE-2017-11334: Fix OOB access during DMA operation (bsc#1048902)

- CVE-2017-11434: Fix OOB access parsing DHCP slirp options (bsc#1049381)

The following non-security issues were fixed:

- Postrequire acl for setfacl

- Prerequire shadow for groupadd

- The recent security fix for CVE-2017-11334 adversely affects Xen. Include two additional patches to make sure Xen is going to be OK.

- Pre-add group kvm for qemu-tools (bsc#1011144)

- Fixed a few more inaccuracies in the support docs.

- Fix support docs to indicate ARM64 is now fully L3 supported in SLES 12 SP3. Apply a few additional clarifications in the support docs. (bsc#1050268)

- Adjust to libvdeplug-devel package naming changes.

- Fix migration with xhci (bsc#1048296)

- Increase VNC delay to fix missing keyboard input events (bsc#1031692)

- Remove build dependency package iasl used for seabios

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Solution

Update the affected qemu packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1011144

https://bugzilla.opensuse.org/show_bug.cgi?id=1031692

https://bugzilla.opensuse.org/show_bug.cgi?id=1046636

https://bugzilla.opensuse.org/show_bug.cgi?id=1047674

https://bugzilla.opensuse.org/show_bug.cgi?id=1048296

https://bugzilla.opensuse.org/show_bug.cgi?id=1048902

https://bugzilla.opensuse.org/show_bug.cgi?id=1049381

https://bugzilla.opensuse.org/show_bug.cgi?id=1050268

Plugin Details

Severity: Medium

ID: 103292

File Name: openSUSE-2017-1072.nasl

Version: 3.3

Type: local

Agent: unix

Published: 2017/09/18

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 5.1

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:qemu, p-cpe:/a:novell:opensuse:qemu-arm, p-cpe:/a:novell:opensuse:qemu-arm-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-curl, p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-dmg, p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-iscsi, p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-rbd, p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-ssh, p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo, p-cpe:/a:novell:opensuse:qemu-debugsource, p-cpe:/a:novell:opensuse:qemu-extra, p-cpe:/a:novell:opensuse:qemu-extra-debuginfo, p-cpe:/a:novell:opensuse:qemu-guest-agent, p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo, p-cpe:/a:novell:opensuse:qemu-ipxe, p-cpe:/a:novell:opensuse:qemu-ksm, p-cpe:/a:novell:opensuse:qemu-kvm, p-cpe:/a:novell:opensuse:qemu-lang, p-cpe:/a:novell:opensuse:qemu-linux-user, p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo, p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource, p-cpe:/a:novell:opensuse:qemu-ppc, p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo, p-cpe:/a:novell:opensuse:qemu-s390, p-cpe:/a:novell:opensuse:qemu-s390-debuginfo, p-cpe:/a:novell:opensuse:qemu-seabios, p-cpe:/a:novell:opensuse:qemu-sgabios, p-cpe:/a:novell:opensuse:qemu-testsuite, p-cpe:/a:novell:opensuse:qemu-tools, p-cpe:/a:novell:opensuse:qemu-tools-debuginfo, p-cpe:/a:novell:opensuse:qemu-vgabios, p-cpe:/a:novell:opensuse:qemu-x86, p-cpe:/a:novell:opensuse:qemu-x86-debuginfo, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2017/09/17

Reference Information

CVE: CVE-2017-10664, CVE-2017-10806, CVE-2017-11334, CVE-2017-11434