openSUSE Security Update : qemu (openSUSE-2018-1483)

critical Nessus Plugin ID 119491

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for qemu fixes the following issues :

Security issues fixed :

- CVE-2018-10839: Fixed NE2000 NIC emulation support that is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS (bsc#1110910).

- CVE-2018-15746: Fixed qemu-seccomp.c that might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread (bsc#1106222).

- CVE-2018-16847: Fixed an OOB heap buffer r/w access issue that was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process (bsc#1114529).

- CVE-2018-17958: Fixed a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used (bsc#1111006).

- CVE-2018-17962: Fixed a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used (bsc#1111010).

- CVE-2018-17963: Fixed qemu_deliver_packet_iov in net/net.c that accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
(bsc#1111013)

- CVE-2018-18849: Fixed an out of bounds memory access issue that was found in the LSI53C895A SCSI Host Bus Adapter emulation while writing a message in lsi_do_msgin. It could occur during migration if the 'msg_len' field has an invalid value. A user/process could use this flaw to crash the Qemu process resulting in DoS (bsc#1114422).

Non-security issues fixed :

- Fix slowness in arm32 emulation (bsc#1112499).

- In order to improve spectre mitigation for s390x, add a new feature in the QEMU cpu model to provide the etoken cpu feature for guests (bsc#1107489).

This update was imported from the SUSE:SLE-15:Update update project.

Solution

Update the affected qemu packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1106222

https://bugzilla.opensuse.org/show_bug.cgi?id=1107489

https://bugzilla.opensuse.org/show_bug.cgi?id=1110910

https://bugzilla.opensuse.org/show_bug.cgi?id=1111006

https://bugzilla.opensuse.org/show_bug.cgi?id=1111010

https://bugzilla.opensuse.org/show_bug.cgi?id=1111013

https://bugzilla.opensuse.org/show_bug.cgi?id=1112499

https://bugzilla.opensuse.org/show_bug.cgi?id=1114422

https://bugzilla.opensuse.org/show_bug.cgi?id=1114529

Plugin Details

Severity: Critical

ID: 119491

File Name: openSUSE-2018-1483.nasl

Version: 1.4

Type: local

Agent: unix

Published: 12/7/2018

Updated: 7/17/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-17963

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:qemu-block-iscsi, p-cpe:/a:novell:opensuse:qemu-seabios, cpe:/o:novell:opensuse:15.0, p-cpe:/a:novell:opensuse:qemu-block-ssh, p-cpe:/a:novell:opensuse:qemu-vgabios, p-cpe:/a:novell:opensuse:qemu-extra-debuginfo, p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource, p-cpe:/a:novell:opensuse:qemu-lang, p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo, p-cpe:/a:novell:opensuse:qemu-ppc, p-cpe:/a:novell:opensuse:qemu-x86, p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo, p-cpe:/a:novell:opensuse:qemu-debugsource, p-cpe:/a:novell:opensuse:qemu-kvm, p-cpe:/a:novell:opensuse:qemu-sgabios, p-cpe:/a:novell:opensuse:qemu-s390-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo, p-cpe:/a:novell:opensuse:qemu-extra, p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-curl, p-cpe:/a:novell:opensuse:qemu-block-dmg, p-cpe:/a:novell:opensuse:qemu-arm-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo, p-cpe:/a:novell:opensuse:qemu-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-rbd, p-cpe:/a:novell:opensuse:qemu-s390, p-cpe:/a:novell:opensuse:qemu-block-gluster-debuginfo, p-cpe:/a:novell:opensuse:qemu-testsuite, p-cpe:/a:novell:opensuse:qemu-x86-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-gluster, p-cpe:/a:novell:opensuse:qemu-ipxe, p-cpe:/a:novell:opensuse:qemu-tools, p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo, p-cpe:/a:novell:opensuse:qemu-tools-debuginfo, p-cpe:/a:novell:opensuse:qemu-linux-user, p-cpe:/a:novell:opensuse:qemu-arm, p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo, p-cpe:/a:novell:opensuse:qemu-ksm, p-cpe:/a:novell:opensuse:qemu, p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo, p-cpe:/a:novell:opensuse:qemu-guest-agent

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/6/2018

Reference Information

CVE: CVE-2018-10839, CVE-2018-15746, CVE-2018-16847, CVE-2018-17958, CVE-2018-17962, CVE-2018-17963, CVE-2018-18849