SUSE SLED12 / SLES12 Security Update : qemu (SUSE-SU-2016:1560-1)
critical Nessus Plugin ID 91660
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
qemu was updated to fix 37 security issues.These security issues were fixed :
- CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711)
- CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723)
- CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation (bsc#981266)
- CVE-2015-8817: Avoid OOB access in PCI DMA I/O (bsc#969121)
- CVE-2015-8818: Avoid OOB access in PCI DMA I/O (bsc#969122)
- CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape (bsc#978158)
- CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit (bsc#978160)
- CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109)
- CVE-2016-2538: Fixed potential OOB access in USB net device emulation (bsc#967969)
- CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350)
- CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number generator (bsc#970036)
- CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037)
- CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic (bsc#975128)
- CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller (bsc#975136)
- CVE-2016-4020: Fixed possible host data leakage to guest from TPR access (bsc#975700)
- CVE-2015-3214: Fixed OOB read in i8254 PIC (bsc#934069)
- CVE-2014-9718: Fixed the handling of malformed or short ide PRDTs to avoid any opportunity for guest to cause DoS by abusing that interface (bsc#928393)
- CVE-2014-3689: Fixed insufficient parameter validation in rectangle functions (bsc#901508)
- CVE-2014-3615: The VGA emulator in QEMU allowed local guest users to read host memory by setting the display to a high resolution (bsc#895528).
- CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463).
- CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929).
- CVE-2015-7295: hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allowed remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface (bsc#947159).
- CVE-2015-7549: PCI NULL pointer dereferences (bsc#958917).
- CVE-2015-8504: VNC floating point exception (bsc#958491).
- CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS (bsc#959005).
- CVE-2015-8567: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386).
- CVE-2015-8568: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386).
- CVE-2015-8613: Wrong sized memset in megasas command handler (bsc#961358).
- CVE-2015-8619: Potential DoS for long HMP sendkey command argument (bsc#960334).
- CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions (bsc#960725).
- CVE-2015-8744: Incorrect l2 header validation could have lead to a crash via assert(2) call (bsc#960835).
- CVE-2015-8745: Reading IMR registers could have lead to a crash via assert(2) call (bsc#960708).
- CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332).
- CVE-2016-1714: Potential OOB memory access in processing firmware configuration (bsc#961691).
- CVE-2016-1922: NULL pointer dereference when processing hmp i/o command (bsc#962320).
- CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation by malicious privileged user within guest (bsc#963782).
- CVE-2016-2198: Malicious privileged guest user were able to cause DoS by writing to read-only EHCI capabilities registers (bsc#964413).
This non-security issue was fixed
- bsc#886378: qemu truncates vhd images in virt-rescue
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
To install this SUSE Security Update use YaST online_update.Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Server 12 :
zypper in -t patch SUSE-SLE-SERVER-12-2016-924=1
SUSE Linux Enterprise Desktop 12 :
zypper in -t patch SUSE-SLE-DESKTOP-12-2016-924=1
To bring your system up-to-date, use 'zypper patch'.
See Also
https://bugzilla.suse.com/show_bug.cgi?id=886378
https://bugzilla.suse.com/show_bug.cgi?id=895528
https://bugzilla.suse.com/show_bug.cgi?id=901508
https://bugzilla.suse.com/show_bug.cgi?id=928393
https://bugzilla.suse.com/show_bug.cgi?id=934069
https://bugzilla.suse.com/show_bug.cgi?id=940929
https://bugzilla.suse.com/show_bug.cgi?id=944463
https://bugzilla.suse.com/show_bug.cgi?id=947159
https://bugzilla.suse.com/show_bug.cgi?id=958491
https://bugzilla.suse.com/show_bug.cgi?id=958917
https://bugzilla.suse.com/show_bug.cgi?id=959005
https://bugzilla.suse.com/show_bug.cgi?id=959386
https://bugzilla.suse.com/show_bug.cgi?id=960334
https://bugzilla.suse.com/show_bug.cgi?id=960708
https://bugzilla.suse.com/show_bug.cgi?id=960725
https://bugzilla.suse.com/show_bug.cgi?id=960835
https://bugzilla.suse.com/show_bug.cgi?id=961332
https://bugzilla.suse.com/show_bug.cgi?id=961333
https://bugzilla.suse.com/show_bug.cgi?id=961358
https://bugzilla.suse.com/show_bug.cgi?id=961556
https://bugzilla.suse.com/show_bug.cgi?id=961691
https://bugzilla.suse.com/show_bug.cgi?id=962320
https://bugzilla.suse.com/show_bug.cgi?id=963782
https://bugzilla.suse.com/show_bug.cgi?id=964413
https://bugzilla.suse.com/show_bug.cgi?id=967969
https://bugzilla.suse.com/show_bug.cgi?id=969121
https://bugzilla.suse.com/show_bug.cgi?id=969122
https://bugzilla.suse.com/show_bug.cgi?id=969350
https://bugzilla.suse.com/show_bug.cgi?id=970036
https://bugzilla.suse.com/show_bug.cgi?id=970037
https://bugzilla.suse.com/show_bug.cgi?id=975128
https://bugzilla.suse.com/show_bug.cgi?id=975136
https://bugzilla.suse.com/show_bug.cgi?id=975700
https://bugzilla.suse.com/show_bug.cgi?id=976109
https://bugzilla.suse.com/show_bug.cgi?id=978158
https://bugzilla.suse.com/show_bug.cgi?id=978160
https://bugzilla.suse.com/show_bug.cgi?id=980711
https://bugzilla.suse.com/show_bug.cgi?id=980723
https://bugzilla.suse.com/show_bug.cgi?id=981266
https://www.suse.com/security/cve/CVE-2014-3615/
https://www.suse.com/security/cve/CVE-2014-3689/
https://www.suse.com/security/cve/CVE-2014-9718/
https://www.suse.com/security/cve/CVE-2015-3214/
https://www.suse.com/security/cve/CVE-2015-5239/
https://www.suse.com/security/cve/CVE-2015-5745/
https://www.suse.com/security/cve/CVE-2015-7295/
https://www.suse.com/security/cve/CVE-2015-7549/
https://www.suse.com/security/cve/CVE-2015-8504/
https://www.suse.com/security/cve/CVE-2015-8558/
https://www.suse.com/security/cve/CVE-2015-8567/
https://www.suse.com/security/cve/CVE-2015-8568/
https://www.suse.com/security/cve/CVE-2015-8613/
https://www.suse.com/security/cve/CVE-2015-8619/
https://www.suse.com/security/cve/CVE-2015-8743/
https://www.suse.com/security/cve/CVE-2015-8744/
https://www.suse.com/security/cve/CVE-2015-8745/
https://www.suse.com/security/cve/CVE-2015-8817/
https://www.suse.com/security/cve/CVE-2015-8818/
https://www.suse.com/security/cve/CVE-2016-1568/
https://www.suse.com/security/cve/CVE-2016-1714/
https://www.suse.com/security/cve/CVE-2016-1922/
https://www.suse.com/security/cve/CVE-2016-1981/
https://www.suse.com/security/cve/CVE-2016-2198/
https://www.suse.com/security/cve/CVE-2016-2538/
https://www.suse.com/security/cve/CVE-2016-2841/
https://www.suse.com/security/cve/CVE-2016-2857/
https://www.suse.com/security/cve/CVE-2016-2858/
https://www.suse.com/security/cve/CVE-2016-3710/
https://www.suse.com/security/cve/CVE-2016-3712/
https://www.suse.com/security/cve/CVE-2016-4001/
https://www.suse.com/security/cve/CVE-2016-4002/
https://www.suse.com/security/cve/CVE-2016-4020/
https://www.suse.com/security/cve/CVE-2016-4037/
https://www.suse.com/security/cve/CVE-2016-4439/
https://www.suse.com/security/cve/CVE-2016-4441/
Plugin Details
Severity: Critical
ID: 91660
File Name: suse_SU-2016-1560-1.nasl
Version: 2.12
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 6/17/2016
Updated: 1/6/2021
Supported Sensors: Nessus Agent
Risk Information
VPR
Risk Factor: High
Score: 7.3
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.6
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Temporal Vector: E:POC/RL:OF/RC:C
CVSS v3
Risk Factor: Critical
Base Score: 9
Temporal Score: 8.1
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:qemu, p-cpe:/a:novell:suse_linux:qemu-block-curl, p-cpe:/a:novell:suse_linux:qemu-block-curl-debuginfo, p-cpe:/a:novell:suse_linux:qemu-block-rbd, p-cpe:/a:novell:suse_linux:qemu-block-rbd-debuginfo, p-cpe:/a:novell:suse_linux:qemu-debugsource, p-cpe:/a:novell:suse_linux:qemu-guest-agent, p-cpe:/a:novell:suse_linux:qemu-guest-agent-debuginfo, p-cpe:/a:novell:suse_linux:qemu-kvm, p-cpe:/a:novell:suse_linux:qemu-lang, p-cpe:/a:novell:suse_linux:qemu-s390, p-cpe:/a:novell:suse_linux:qemu-s390-debuginfo, p-cpe:/a:novell:suse_linux:qemu-tools, p-cpe:/a:novell:suse_linux:qemu-tools-debuginfo, p-cpe:/a:novell:suse_linux:qemu-x86, p-cpe:/a:novell:suse_linux:qemu-x86-debuginfo, cpe:/o:novell:suse_linux:12
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/13/2016
Vulnerability Publication Date: 11/1/2014
Reference Information
CVE: CVE-2014-3615, CVE-2014-3689, CVE-2014-9718, CVE-2015-3214, CVE-2015-5239, CVE-2015-5745, CVE-2015-7295, CVE-2015-7549, CVE-2015-8504, CVE-2015-8558, CVE-2015-8567, CVE-2015-8568, CVE-2015-8613, CVE-2015-8619, CVE-2015-8743, CVE-2015-8744, CVE-2015-8745, CVE-2015-8817, CVE-2015-8818, CVE-2016-1568, CVE-2016-1714, CVE-2016-1922, CVE-2016-1981, CVE-2016-2198, CVE-2016-2538, CVE-2016-2841, CVE-2016-2857, CVE-2016-2858, CVE-2016-3710, CVE-2016-3712, CVE-2016-4001, CVE-2016-4002, CVE-2016-4020, CVE-2016-4037, CVE-2016-4439, CVE-2016-4441, CVE-2016-4952