openSUSE Security Update : qemu (openSUSE-2017-1072)

Medium Nessus Plugin ID 103292

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for qemu fixes the following issues :

Security issues fixed :

- CVE-2017-10664: Fix DOS vulnerability in qemu-nbd (bsc#1046636)

- CVE-2017-10806: Fix DOS from stack overflow in debug messages of usb redirection support (bsc#1047674)

- CVE-2017-11334: Fix OOB access during DMA operation (bsc#1048902)

- CVE-2017-11434: Fix OOB access parsing dhcp slirp options (bsc#1049381)

Following non-security issues were fixed :

- Postrequire acl for setfacl

- Prerequire shadow for groupadd

- The recent security fix for CVE-2017-11334 adversely affects Xen. Include two additional patches to make sure Xen is going to be OK.

- Pre-add group kvm for qemu-tools (bsc#1011144)

- Fixed a few more inaccuracies in the support docs.

- Fix support docs to indicate ARM64 is now fully L3 supported in SLES 12 SP3. Apply a few additional clarifications in the support docs. (bsc#1050268)

- Adjust to libvdeplug-devel package naming changes.

- Fix migration with xhci (bsc#1048296)

- Increase VNC delay to fix missing keyboard input events (bsc#1031692)

- Remove build dependency package iasl used for seabios

This update was imported from the SUSE:SLE-12-SP3:Update update project.

Solution

Update the affected qemu packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1011144

https://bugzilla.opensuse.org/show_bug.cgi?id=1031692

https://bugzilla.opensuse.org/show_bug.cgi?id=1046636

https://bugzilla.opensuse.org/show_bug.cgi?id=1047674

https://bugzilla.opensuse.org/show_bug.cgi?id=1048296

https://bugzilla.opensuse.org/show_bug.cgi?id=1048902

https://bugzilla.opensuse.org/show_bug.cgi?id=1049381

https://bugzilla.opensuse.org/show_bug.cgi?id=1050268

Plugin Details

Severity: Medium

ID: 103292

File Name: openSUSE-2017-1072.nasl

Version: Revision: 3.2

Type: local

Agent: unix

Published: 2017/09/18

Updated: 2018/01/26

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:qemu, p-cpe:/a:novell:opensuse:qemu-arm, p-cpe:/a:novell:opensuse:qemu-arm-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-curl, p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-dmg, p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-iscsi, p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-rbd, p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-ssh, p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo, p-cpe:/a:novell:opensuse:qemu-debugsource, p-cpe:/a:novell:opensuse:qemu-extra, p-cpe:/a:novell:opensuse:qemu-extra-debuginfo, p-cpe:/a:novell:opensuse:qemu-guest-agent, p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo, p-cpe:/a:novell:opensuse:qemu-ipxe, p-cpe:/a:novell:opensuse:qemu-ksm, p-cpe:/a:novell:opensuse:qemu-kvm, p-cpe:/a:novell:opensuse:qemu-lang, p-cpe:/a:novell:opensuse:qemu-linux-user, p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo, p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource, p-cpe:/a:novell:opensuse:qemu-ppc, p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo, p-cpe:/a:novell:opensuse:qemu-s390, p-cpe:/a:novell:opensuse:qemu-s390-debuginfo, p-cpe:/a:novell:opensuse:qemu-seabios, p-cpe:/a:novell:opensuse:qemu-sgabios, p-cpe:/a:novell:opensuse:qemu-testsuite, p-cpe:/a:novell:opensuse:qemu-tools, p-cpe:/a:novell:opensuse:qemu-tools-debuginfo, p-cpe:/a:novell:opensuse:qemu-vgabios, p-cpe:/a:novell:opensuse:qemu-x86, p-cpe:/a:novell:opensuse:qemu-x86-debuginfo, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2017/09/17

Reference Information

CVE: CVE-2017-10664, CVE-2017-10806, CVE-2017-11334, CVE-2017-11434