openSUSE Security Update : qemu (openSUSE-2016-252)

critical Nessus Plugin ID 88925

Synopsis

The remote openSUSE host is missing a security update.

Description

This update fixes the following security issues :

- Enforce receive packet size, thus eliminating buffer overflow and potential security issue. (bsc#957162 CVE-2015-7512)

- Infinite loop in processing command block list.
CVE-2015-8345 (bsc#956829) :

This update also fixes a non-security bug :

- Due to space restrictions in limited bios data areas, don't create mptable if vcpu count is 'high' (ie more than ~19). (bsc#954864) (No supported guests are negatively impacted by this change, which is taken from upstream seabios)

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Solution

Update the affected qemu packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=954864

https://bugzilla.opensuse.org/show_bug.cgi?id=956829

https://bugzilla.opensuse.org/show_bug.cgi?id=957162

Plugin Details

Severity: Critical

ID: 88925

File Name: openSUSE-2016-252.nasl

Version: 2.4

Type: local

Agent: unix

Published: 2/24/2016

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:qemu-seabios, p-cpe:/a:novell:opensuse:qemu-vgabios, p-cpe:/a:novell:opensuse:qemu-extra-debuginfo, p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource, p-cpe:/a:novell:opensuse:qemu-lang, p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo, p-cpe:/a:novell:opensuse:qemu-ppc, p-cpe:/a:novell:opensuse:qemu-x86, p-cpe:/a:novell:opensuse:qemu-debugsource, p-cpe:/a:novell:opensuse:qemu-kvm, p-cpe:/a:novell:opensuse:qemu-sgabios, p-cpe:/a:novell:opensuse:qemu-s390-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo, cpe:/o:novell:opensuse:42.1, p-cpe:/a:novell:opensuse:qemu-extra, p-cpe:/a:novell:opensuse:qemu-block-curl, p-cpe:/a:novell:opensuse:qemu-arm-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-rbd, p-cpe:/a:novell:opensuse:qemu-s390, p-cpe:/a:novell:opensuse:qemu-x86-debuginfo, p-cpe:/a:novell:opensuse:qemu-testsuite, p-cpe:/a:novell:opensuse:qemu-ipxe, p-cpe:/a:novell:opensuse:qemu-tools, p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo, p-cpe:/a:novell:opensuse:qemu-tools-debuginfo, p-cpe:/a:novell:opensuse:qemu-linux-user, p-cpe:/a:novell:opensuse:qemu-arm, p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo, p-cpe:/a:novell:opensuse:qemu, p-cpe:/a:novell:opensuse:qemu-guest-agent

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2/21/2016

Reference Information

CVE: CVE-2015-7512, CVE-2015-8345