openSUSE Security Update : qemu (openSUSE-2017-349)

critical Nessus Plugin ID 97791

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for qemu fixes several issues.

These security issues were fixed :

- CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow flaw allowing a privileged user to crash the Qemu process on the host resulting in DoS (bsc#1023907).

- CVE-2017-5857: The Virtio GPU Device emulator support was vulnerable to a host memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1023073).

- CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024972)

- CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004)

- CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1023053)

- CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702)

- CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702)

- CVE-2016-10029: The Virtio GPU Device emulator support was vulnerable to an OOB read issue allowing a guest user to crash the Qemu process instance resulting in Dos (bsc#1017081).

- CVE-2016-10028: The Virtio GPU Device emulator support was vulnerable to an out of bounds memory access issue allowing a guest user to crash the Qemu process instance on a host, resulting in DoS (bsc#1017084).

- CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021129)

- CVE-2017-5552: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1021195).

- CVE-2017-5578: The Virtio GPU Device emulator support was vulnerable to a memory leakage issue allowing a guest user to leak host memory resulting in DoS (bsc#1021481).

- CVE-2017-5526: The ES1370 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020589).

- CVE-2017-5525: The ac97 audio device emulation support was vulnerable to a memory leakage issue allowing a privileged user inside the guest to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1020491).

- CVE-2017-5667: The SDHCI device emulation support was vulnerable to an OOB heap access issue allowing a privileged user inside the guest to crash the Qemu process resulting in DoS or potentially execute arbitrary code with privileges of the Qemu process on the host (bsc#1022541).

- CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow allowing a privileged user inside the guest to crash the Qemu process resulting in DoS (bnc#1023907)

These non-security issues were fixed :

- Fix name of s390x specific sysctl configuration file to end with .conf (bsc#1026583)

- XHCI fixes (bsc#977027)

- Fixed rare race during s390x guest reboot

- Fixed various inaccuracies in cirrus vga device emulation

- Fixed cause of infrequent migration failures from bad virtio device state (bsc#1020928)

- Fixed graphical update errors introduced by previous security fix (bsc#1016779)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Solution

Update the affected qemu packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1017084

https://bugzilla.opensuse.org/show_bug.cgi?id=1020491

https://bugzilla.opensuse.org/show_bug.cgi?id=1020589

https://bugzilla.opensuse.org/show_bug.cgi?id=1020928

https://bugzilla.opensuse.org/show_bug.cgi?id=1021129

https://bugzilla.opensuse.org/show_bug.cgi?id=1021195

https://bugzilla.opensuse.org/show_bug.cgi?id=1021481

https://bugzilla.opensuse.org/show_bug.cgi?id=1022541

https://bugzilla.opensuse.org/show_bug.cgi?id=1023004

https://bugzilla.opensuse.org/show_bug.cgi?id=1023053

https://bugzilla.opensuse.org/show_bug.cgi?id=1023073

https://bugzilla.opensuse.org/show_bug.cgi?id=1023907

https://bugzilla.opensuse.org/show_bug.cgi?id=1024972

https://bugzilla.opensuse.org/show_bug.cgi?id=1026583

https://bugzilla.opensuse.org/show_bug.cgi?id=977027

https://bugzilla.opensuse.org/show_bug.cgi?id=1014702

https://bugzilla.opensuse.org/show_bug.cgi?id=1015169

https://bugzilla.opensuse.org/show_bug.cgi?id=1016779

https://bugzilla.opensuse.org/show_bug.cgi?id=1017081

Plugin Details

Severity: Critical

ID: 97791

File Name: openSUSE-2017-349.nasl

Version: 3.9

Type: local

Agent: unix

Published: 3/17/2017

Updated: 6/3/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:qemu-block-ssh-debuginfo, p-cpe:/a:novell:opensuse:qemu-debugsource, p-cpe:/a:novell:opensuse:qemu-extra, p-cpe:/a:novell:opensuse:qemu-extra-debuginfo, p-cpe:/a:novell:opensuse:qemu-guest-agent, p-cpe:/a:novell:opensuse:qemu-guest-agent-debuginfo, p-cpe:/a:novell:opensuse:qemu-ipxe, p-cpe:/a:novell:opensuse:qemu-kvm, p-cpe:/a:novell:opensuse:qemu-lang, p-cpe:/a:novell:opensuse:qemu-linux-user, p-cpe:/a:novell:opensuse:qemu-linux-user-debuginfo, p-cpe:/a:novell:opensuse:qemu-linux-user-debugsource, p-cpe:/a:novell:opensuse:qemu-ppc, p-cpe:/a:novell:opensuse:qemu-ppc-debuginfo, p-cpe:/a:novell:opensuse:qemu-s390, p-cpe:/a:novell:opensuse:qemu-s390-debuginfo, p-cpe:/a:novell:opensuse:qemu-seabios, p-cpe:/a:novell:opensuse:qemu, p-cpe:/a:novell:opensuse:qemu-arm, p-cpe:/a:novell:opensuse:qemu-arm-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-curl, p-cpe:/a:novell:opensuse:qemu-block-curl-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-dmg, p-cpe:/a:novell:opensuse:qemu-block-dmg-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-iscsi, p-cpe:/a:novell:opensuse:qemu-block-iscsi-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-rbd, p-cpe:/a:novell:opensuse:qemu-block-rbd-debuginfo, p-cpe:/a:novell:opensuse:qemu-block-ssh, cpe:/o:novell:opensuse:42.2, p-cpe:/a:novell:opensuse:qemu-sgabios, p-cpe:/a:novell:opensuse:qemu-testsuite, p-cpe:/a:novell:opensuse:qemu-tools, p-cpe:/a:novell:opensuse:qemu-tools-debuginfo, p-cpe:/a:novell:opensuse:qemu-vgabios, p-cpe:/a:novell:opensuse:qemu-x86, p-cpe:/a:novell:opensuse:qemu-x86-debuginfo

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 3/16/2017

Reference Information

CVE: CVE-2016-10028, CVE-2016-10029, CVE-2016-10155, CVE-2016-9921, CVE-2016-9922, CVE-2017-2615, CVE-2017-2620, CVE-2017-5525, CVE-2017-5526, CVE-2017-5552, CVE-2017-5578, CVE-2017-5667, CVE-2017-5856, CVE-2017-5857, CVE-2017-5898

IAVB: 2017-B-0024-S