openSUSE Security Update : qemu (openSUSE-2016-839)

critical Nessus Plugin ID 91980

Synopsis

The remote openSUSE host is missing a security update.

Description

qemu was updated to fix 29 security issues.

These security issues were fixed:

- CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711)

- CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723)

- CVE-2016-4952: Avoid OOB access in VMware PV SCSI emulation (bsc#981266)

- CVE-2015-8817: Avoid OOB access in PCI DMA I/O (bsc#969121)

- CVE-2015-8818: Avoid OOB access in PCI DMA I/O (bsc#969122)

- CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape (bsc#978158)

- CVE-2016-3712: Fixed VGA emulation based DoS and OOB read access exploit (bsc#978160)

- CVE-2016-4037: Fixed USB ehci based DoS (bsc#976109)

- CVE-2016-2538: Fixed potential OOB access in USB net device emulation (bsc#967969)

- CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350)

- CVE-2016-2858: Avoid potential DoS when using QEMU pseudo random number generator (bsc#970036)

- CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037)

- CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic (bsc#975128)

- CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller (bsc#975136)

- CVE-2016-4020: Fixed possible host data leakage to guest from TPR access (bsc#975700)

- CVE-2016-2197: Prevent AHCI NULL pointer dereference when using FIS CLB engine (bsc#964411)

- CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929).

- CVE-2015-7549: PCI NULL pointer dereferences (bsc#958917).

- CVE-2015-8504: VNC floating point exception (bsc#958491).

- CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS (bsc#959005).

- CVE-2015-8567: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386).

- CVE-2015-8568: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386).

- CVE-2015-8613: Wrong sized memset in megasas command handler (bsc#961358).

- CVE-2015-8619: Potential DoS for long HMP sendkey command argument (bsc#960334).

- CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions (bsc#960725).

- CVE-2015-8744: Incorrect l2 header validation could have led to a crash via assert(2) call (bsc#960835).

- CVE-2015-8745: Reading IMR registers could have led to a crash via assert(2) call (bsc#960708).

- CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332).

- CVE-2016-1714: Potential OOB memory access in processing firmware configuration (bsc#961691).

- CVE-2016-1922: NULL pointer dereference when processing hmp i/o command (bsc#962320).

- CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation by malicious privileged user within guest (bsc#963782).

- CVE-2016-2198: A malicious privileged guest user was able to cause DoS by writing to read-only EHCI capabilities registers (bsc#964413).

This non-security issue was fixed:

- bsc#886378: qemu truncates vhd images in virt-rescue

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Solution

Update the affected qemu packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=886378

https://bugzilla.opensuse.org/show_bug.cgi?id=940929

https://bugzilla.opensuse.org/show_bug.cgi?id=958491

https://bugzilla.opensuse.org/show_bug.cgi?id=958917

https://bugzilla.opensuse.org/show_bug.cgi?id=959005

https://bugzilla.opensuse.org/show_bug.cgi?id=959386

https://bugzilla.opensuse.org/show_bug.cgi?id=960334

https://bugzilla.opensuse.org/show_bug.cgi?id=960708

https://bugzilla.opensuse.org/show_bug.cgi?id=960725

https://bugzilla.opensuse.org/show_bug.cgi?id=960835

https://bugzilla.opensuse.org/show_bug.cgi?id=961332

https://bugzilla.opensuse.org/show_bug.cgi?id=961333

https://bugzilla.opensuse.org/show_bug.cgi?id=961358

https://bugzilla.opensuse.org/show_bug.cgi?id=961556

https://bugzilla.opensuse.org/show_bug.cgi?id=961691

https://bugzilla.opensuse.org/show_bug.cgi?id=962320

https://bugzilla.opensuse.org/show_bug.cgi?id=963782

https://bugzilla.opensuse.org/show_bug.cgi?id=964411

https://bugzilla.opensuse.org/show_bug.cgi?id=964413

https://bugzilla.opensuse.org/show_bug.cgi?id=967969

https://bugzilla.opensuse.org/show_bug.cgi?id=969121

https://bugzilla.opensuse.org/show_bug.cgi?id=969122

https://bugzilla.opensuse.org/show_bug.cgi?id=969350

https://bugzilla.opensuse.org/show_bug.cgi?id=970036

https://bugzilla.opensuse.org/show_bug.cgi?id=970037

https://bugzilla.opensuse.org/show_bug.cgi?id=975128

https://bugzilla.opensuse.org/show_bug.cgi?id=975136

https://bugzilla.opensuse.org/show_bug.cgi?id=975700

https://bugzilla.opensuse.org/show_bug.cgi?id=976109

https://bugzilla.opensuse.org/show_bug.cgi?id=978158

https://bugzilla.opensuse.org/show_bug.cgi?id=978160

https://bugzilla.opensuse.org/show_bug.cgi?id=980711

https://bugzilla.opensuse.org/show_bug.cgi?id=980723

https://bugzilla.opensuse.org/show_bug.cgi?id=981266

Plugin Details

Severity: Critical

ID: 91980

File Name: openSUSE-2016-839.nasl

Version: 2.4

Type: local

Agent: unix

Published: 7/8/2016

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:qemu-seabios, p-cpe:/a:novell:opensuse:qemu-vgabios, p-cpe:/a:novell:opensuse:qemu-extra-debuginfo, p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource, p-cpe:/a:novell:opensuse:qemu-lang, p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo, p-cpe:/a:novell:opensuse:qemu-ppc, p-cpe:/a:novell:opensuse:qemu-x86, p-cpe:/a:novell:opensuse:qemu-debugsource, p-cpe:/a:novell:opensuse:qemu-kvm, p-cpe:/a:novell:opensuse:qemu-sgabios, p-cpe:/a:novell:opensuse:qemu-s390-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo, cpe:/o:novell:opensuse:42.1, p-cpe:/a:novell:opensuse:qemu-extra, p-cpe:/a:novell:opensuse:qemu-block-curl, p-cpe:/a:novell:opensuse:qemu-arm-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-rbd, p-cpe:/a:novell:opensuse:qemu-s390, p-cpe:/a:novell:opensuse:qemu-x86-debuginfo, p-cpe:/a:novell:opensuse:qemu-testsuite, p-cpe:/a:novell:opensuse:qemu-ipxe, p-cpe:/a:novell:opensuse:qemu-tools, p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo, p-cpe:/a:novell:opensuse:qemu-tools-debuginfo, p-cpe:/a:novell:opensuse:qemu-linux-user, p-cpe:/a:novell:opensuse:qemu-arm, p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo, p-cpe:/a:novell:opensuse:qemu, p-cpe:/a:novell:opensuse:qemu-guest-agent

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 7/6/2016

Reference Information

CVE: CVE-2015-5745, CVE-2015-7549, CVE-2015-8504, CVE-2015-8558, CVE-2015-8567, CVE-2015-8568, CVE-2015-8613, CVE-2015-8619, CVE-2015-8743, CVE-2015-8744, CVE-2015-8745, CVE-2015-8817, CVE-2015-8818, CVE-2016-1568, CVE-2016-1714, CVE-2016-1922, CVE-2016-1981, CVE-2016-2197, CVE-2016-2198, CVE-2016-2538, CVE-2016-2841, CVE-2016-2857, CVE-2016-2858, CVE-2016-3710, CVE-2016-3712, CVE-2016-4001, CVE-2016-4002, CVE-2016-4020, CVE-2016-4037, CVE-2016-4439, CVE-2016-4441, CVE-2016-4952