openSUSE Security Update : qemu (openSUSE-2016-839)

critical Nessus Plugin ID 91980

Synopsis

The remote openSUSE host is missing a security update.

Description

qemu was updated to fix 29 security issues.

These security issues were fixed:

- CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711)

- CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723)

- CVE-2016-4952: Avoid OOB access in VMware PV SCSI emulation (bsc#981266)

- CVE-2015-8817: Avoid OOB access in PCI DMA I/O (bsc#969121)

- CVE-2015-8818: Avoid OOB access in PCI DMA I/O (bsc#969122)

- CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape (bsc#978158)

- CVE-2016-3712: Fixed VGA emulation based DoS and OOB read access exploit (bsc#978160)

- CVE-2016-4037: Fixed USB EHCI based DoS (bsc#976109)

- CVE-2016-2538: Fixed potential OOB access in USB net device emulation (bsc#967969)

- CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350)

- CVE-2016-2858: Avoid potential DoS when using QEMU pseudo random number generator (bsc#970036)

- CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037)

- CVE-2016-4001: Fixed OOB access in Stellaris enet emulated NIC (bsc#975128)

- CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller (bsc#975136)

- CVE-2016-4020: Fixed possible host data leakage to guest from TPR access (bsc#975700)

- CVE-2016-2197: Prevent AHCI NULL pointer dereference when using FIS CLB engine (bsc#964411)

- CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929).

- CVE-2015-7549: PCI NULL pointer dereferences (bsc#958917).

- CVE-2015-8504: VNC floating point exception (bsc#958491).

- CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS (bsc#959005).

- CVE-2015-8567: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386).

- CVE-2015-8568: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386).

- CVE-2015-8613: Wrong sized memset in megasas command handler (bsc#961358).

- CVE-2015-8619: Potential DoS for long HMP sendkey command argument (bsc#960334).

- CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions (bsc#960725).

- CVE-2015-8744: Incorrect l2 header validation could have led to a crash via assert(2) call (bsc#960835).

- CVE-2015-8745: Reading IMR registers could have led to a crash via assert(2) call (bsc#960708).

- CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332).

- CVE-2016-1714: Potential OOB memory access in processing firmware configuration (bsc#961691).

- CVE-2016-1922: NULL pointer dereference when processing hmp i/o command (bsc#962320).

- CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation by malicious privileged user within guest (bsc#963782).

- CVE-2016-2198: A malicious privileged guest user was able to cause DoS by writing to read-only EHCI capabilities registers (bsc#964413).

This non-security issue was fixed:

- bsc#886378: qemu truncates vhd images in virt-rescue

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Solution

Update the affected qemu packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=886378

https://bugzilla.opensuse.org/show_bug.cgi?id=940929

https://bugzilla.opensuse.org/show_bug.cgi?id=958491

https://bugzilla.opensuse.org/show_bug.cgi?id=958917

https://bugzilla.opensuse.org/show_bug.cgi?id=959005

https://bugzilla.opensuse.org/show_bug.cgi?id=959386

https://bugzilla.opensuse.org/show_bug.cgi?id=960334

https://bugzilla.opensuse.org/show_bug.cgi?id=960708

https://bugzilla.opensuse.org/show_bug.cgi?id=960725

https://bugzilla.opensuse.org/show_bug.cgi?id=960835

https://bugzilla.opensuse.org/show_bug.cgi?id=961332

https://bugzilla.opensuse.org/show_bug.cgi?id=961333

https://bugzilla.opensuse.org/show_bug.cgi?id=961358

https://bugzilla.opensuse.org/show_bug.cgi?id=961556

https://bugzilla.opensuse.org/show_bug.cgi?id=961691

https://bugzilla.opensuse.org/show_bug.cgi?id=962320

https://bugzilla.opensuse.org/show_bug.cgi?id=963782

https://bugzilla.opensuse.org/show_bug.cgi?id=964411

https://bugzilla.opensuse.org/show_bug.cgi?id=964413

https://bugzilla.opensuse.org/show_bug.cgi?id=967969

https://bugzilla.opensuse.org/show_bug.cgi?id=969121

https://bugzilla.opensuse.org/show_bug.cgi?id=969122

https://bugzilla.opensuse.org/show_bug.cgi?id=969350

https://bugzilla.opensuse.org/show_bug.cgi?id=970036

https://bugzilla.opensuse.org/show_bug.cgi?id=970037

https://bugzilla.opensuse.org/show_bug.cgi?id=975128

https://bugzilla.opensuse.org/show_bug.cgi?id=975136

https://bugzilla.opensuse.org/show_bug.cgi?id=975700

https://bugzilla.opensuse.org/show_bug.cgi?id=976109

https://bugzilla.opensuse.org/show_bug.cgi?id=978158

https://bugzilla.opensuse.org/show_bug.cgi?id=978160

https://bugzilla.opensuse.org/show_bug.cgi?id=980711

https://bugzilla.opensuse.org/show_bug.cgi?id=980723

https://bugzilla.opensuse.org/show_bug.cgi?id=981266

Plugin Details

Severity: Critical

ID: 91980

File Name: openSUSE-2016-839.nasl

Version: 2.4

Type: local

Agent: unix

Published: 7/8/2016

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:qemu, p-cpe:/a:novell:opensuse:qemu-arm, p-cpe:/a:novell:opensuse:qemu-arm-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-curl, p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-rbd, p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo, p-cpe:/a:novell:opensuse:qemu-debugsource, p-cpe:/a:novell:opensuse:qemu-extra, p-cpe:/a:novell:opensuse:qemu-extra-debuginfo, p-cpe:/a:novell:opensuse:qemu-guest-agent, p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo, p-cpe:/a:novell:opensuse:qemu-ipxe, p-cpe:/a:novell:opensuse:qemu-kvm, p-cpe:/a:novell:opensuse:qemu-lang, p-cpe:/a:novell:opensuse:qemu-linux-user, p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo, p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource, p-cpe:/a:novell:opensuse:qemu-ppc, p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo, p-cpe:/a:novell:opensuse:qemu-s390, p-cpe:/a:novell:opensuse:qemu-s390-debuginfo, p-cpe:/a:novell:opensuse:qemu-seabios, p-cpe:/a:novell:opensuse:qemu-sgabios, p-cpe:/a:novell:opensuse:qemu-testsuite, p-cpe:/a:novell:opensuse:qemu-tools, p-cpe:/a:novell:opensuse:qemu-tools-debuginfo, p-cpe:/a:novell:opensuse:qemu-vgabios, p-cpe:/a:novell:opensuse:qemu-x86, p-cpe:/a:novell:opensuse:qemu-x86-debuginfo, cpe:/o:novell:opensuse:42.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 7/6/2016

Reference Information

CVE: CVE-2015-5745, CVE-2015-7549, CVE-2015-8504, CVE-2015-8558, CVE-2015-8567, CVE-2015-8568, CVE-2015-8613, CVE-2015-8619, CVE-2015-8743, CVE-2015-8744, CVE-2015-8745, CVE-2015-8817, CVE-2015-8818, CVE-2016-1568, CVE-2016-1714, CVE-2016-1922, CVE-2016-1981, CVE-2016-2197, CVE-2016-2198, CVE-2016-2538, CVE-2016-2841, CVE-2016-2857, CVE-2016-2858, CVE-2016-3710, CVE-2016-3712, CVE-2016-4001, CVE-2016-4002, CVE-2016-4020, CVE-2016-4037, CVE-2016-4439, CVE-2016-4441, CVE-2016-4952