openSUSE Security Update : qemu (openSUSE-2016-839)

High Nessus Plugin ID 91980


The remote openSUSE host is missing a security update.


qemu was updated to fix 29 security issues.

These security issues were fixed :

- CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711)

- CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723)

- CVE-2016-4952: Avoid OOB access in VMware PV SCSI emulation (bsc#981266)

- CVE-2015-8817: Avoid OOB access in PCI DMA I/O (bsc#969121)

- CVE-2015-8818: Avoid OOB access in PCI DMA I/O (bsc#969122)

- CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape (bsc#978158)

- CVE-2016-3712: Fixed VGA emulation based DoS and OOB read access exploit (bsc#978160)

- CVE-2016-4037: Fixed USB ehci based DoS (bsc#976109)

- CVE-2016-2538: Fixed potential OOB access in USB net device emulation (bsc#967969)

- CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350)

- CVE-2016-2858: Avoid potential DoS when using QEMU pseudo random number generator (bsc#970036)

- CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037)

- CVE-2016-4001: Fixed OOB access in Stellaris enet emulated NIC (bsc#975128)

- CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller (bsc#975136)

- CVE-2016-4020: Fixed possible host data leakage to guest from TPR access (bsc#975700)

- CVE-2016-2197: Prevent AHCI NULL pointer dereference when using FIS CLB engine (bsc#964411)

- CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929).

- CVE-2015-7549: PCI NULL pointer dereferences (bsc#958917).

- CVE-2015-8504: VNC floating point exception (bsc#958491).

- CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS (bsc#959005).

- CVE-2015-8567: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386).

- CVE-2015-8568: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386).

- CVE-2015-8613: Wrong sized memset in megasas command handler (bsc#961358).

- CVE-2015-8619: Potential DoS for long HMP sendkey command argument (bsc#960334).

- CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions (bsc#960725).

- CVE-2015-8744: Incorrect L2 header validation could have led to a crash via assert(2) call (bsc#960835).

- CVE-2015-8745: Reading IMR registers could have led to a crash via assert(2) call (bsc#960708).

- CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332).

- CVE-2016-1714: Potential OOB memory access in processing firmware configuration (bsc#961691).

- CVE-2016-1922: NULL pointer dereference when processing hmp i/o command (bsc#962320).

- CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation by malicious privileged user within guest (bsc#963782).

- CVE-2016-2198: A malicious privileged guest user was able to cause DoS by writing to read-only EHCI capabilities registers (bsc#964413).

This non-security issue was fixed :

- bsc#886378: qemu truncates vhd images in virt-rescue

This update was imported from the SUSE:SLE-12-SP1:Update update project.


Update the affected qemu packages.

Plugin Details

Severity: High

ID: 91980

File Name: openSUSE-2016-839.nasl

Version: $Revision: 2.2 $

Type: local

Agent: unix

Published: 2016/07/08

Modified: 2016/10/13

Dependencies: 12634

Risk Information

Risk Factor: High


CVSS v2 Base Score: 9.3

CVSS v2 Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3.0 Base Score: 9

CVSS v3.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:qemu, p-cpe:/a:novell:opensuse:qemu-arm, p-cpe:/a:novell:opensuse:qemu-arm-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-curl, p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-rbd, p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo, p-cpe:/a:novell:opensuse:qemu-debugsource, p-cpe:/a:novell:opensuse:qemu-extra, p-cpe:/a:novell:opensuse:qemu-extra-debuginfo, p-cpe:/a:novell:opensuse:qemu-guest-agent, p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo, p-cpe:/a:novell:opensuse:qemu-ipxe, p-cpe:/a:novell:opensuse:qemu-kvm, p-cpe:/a:novell:opensuse:qemu-lang, p-cpe:/a:novell:opensuse:qemu-linux-user, p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo, p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource, p-cpe:/a:novell:opensuse:qemu-ppc, p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo, p-cpe:/a:novell:opensuse:qemu-s390, p-cpe:/a:novell:opensuse:qemu-s390-debuginfo, p-cpe:/a:novell:opensuse:qemu-seabios, p-cpe:/a:novell:opensuse:qemu-sgabios, p-cpe:/a:novell:opensuse:qemu-testsuite, p-cpe:/a:novell:opensuse:qemu-tools, p-cpe:/a:novell:opensuse:qemu-tools-debuginfo, p-cpe:/a:novell:opensuse:qemu-vgabios, p-cpe:/a:novell:opensuse:qemu-x86, p-cpe:/a:novell:opensuse:qemu-x86-debuginfo, cpe:/o:novell:opensuse:42.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2016/07/06

Reference Information

CVE: CVE-2015-5745, CVE-2015-7549, CVE-2015-8504, CVE-2015-8558, CVE-2015-8567, CVE-2015-8568, CVE-2015-8613, CVE-2015-8619, CVE-2015-8743, CVE-2015-8744, CVE-2015-8745, CVE-2015-8817, CVE-2015-8818, CVE-2016-1568, CVE-2016-1714, CVE-2016-1922, CVE-2016-1981, CVE-2016-2197, CVE-2016-2198, CVE-2016-2538, CVE-2016-2841, CVE-2016-2857, CVE-2016-2858, CVE-2016-3710, CVE-2016-3712, CVE-2016-4001, CVE-2016-4002, CVE-2016-4020, CVE-2016-4037, CVE-2016-4439, CVE-2016-4441, CVE-2016-4952