Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.1480 SUSE Security Update: Security update for qemu 14 June 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: qemu Publisher: SUSE Operating System: SUSE Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Increased Privileges -- Existing Account Create Arbitrary Files -- Existing Account Cross-site Request Forgery -- Remote with User Interaction Denial of Service -- Existing Account Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2016-4952 CVE-2016-4441 CVE-2016-4439 CVE-2016-4037 CVE-2016-4020 CVE-2016-4002 CVE-2016-4001 CVE-2016-3712 CVE-2016-3710 CVE-2016-2858 CVE-2016-2857 CVE-2016-2841 CVE-2016-2538 CVE-2016-2198 CVE-2016-1981 CVE-2016-1922 CVE-2016-1714 CVE-2016-1568 CVE-2015-8818 CVE-2015-8817 CVE-2015-8745 CVE-2015-8744 CVE-2015-8743 CVE-2015-8619 CVE-2015-8613 CVE-2015-8568 CVE-2015-8567 CVE-2015-8558 CVE-2015-8504 CVE-2015-7549 CVE-2015-7295 CVE-2015-5745 CVE-2015-5239 CVE-2015-3214 CVE-2014-9718 CVE-2014-3689 CVE-2014-3615 Reference: ESB-2015.1304 ESB-2014.2083.2 ESB-2014.1772 - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1560-1 Rating: important References: #886378 #895528 #901508 #928393 #934069 #940929 #944463 #947159 #958491 #958917 #959005 #959386 #960334 #960708 #960725 #960835 #961332 #961333 #961358 #961556 #961691 #962320 #963782 #964413 #967969 #969121 #969122 #969350 #970036 #970037 #975128 #975136 #975700 #976109 #978158 #978160 #980711 #980723 #981266 Cross-References: CVE-2014-3615 CVE-2014-3689 CVE-2014-9718 CVE-2015-3214 CVE-2015-5239 CVE-2015-5745 CVE-2015-7295 CVE-2015-7549 CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2015-8817 CVE-2015-8818 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2198 CVE-2016-2538 CVE-2016-2841 CVE-2016-2857 CVE-2016-2858 CVE-2016-3710 CVE-2016-3712 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441 CVE-2016-4952 Affected Products: SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Desktop 12 ______________________________________________________________________________ An update that solves 37 vulnerabilities and has two fixes is now available. Description: qemu was updated to fix 37 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711) - CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723) - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation (bsc#981266) - CVE-2015-8817: Avoid OOB access in PCI DMA I/O (bsc#969121) - CVE-2015-8818: Avoid OOB access in PCI DMA I/O (bsc#969122) - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape (bsc#978158) - CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit (bsc#978160) - CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109) - CVE-2016-2538: Fixed potential OOB access in USB net device emulation (bsc#967969) - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350) - CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number generator (bsc#970036) - CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037) - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic (bsc#975128) - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller (bsc#975136) - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access (bsc#975700) - CVE-2015-3214: Fixed OOB read in i8254 PIC (bsc#934069) - CVE-2014-9718: Fixed the handling of malformed or short ide PRDTs to avoid any opportunity for guest to cause DoS by abusing that interface (bsc#928393) - CVE-2014-3689: Fixed insufficient parameter validation in rectangle functions (bsc#901508) - CVE-2014-3615: The VGA emulator in QEMU allowed local guest users to read host memory by setting the display to a high resolution (bsc#895528). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929). - CVE-2015-7295: hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allowed remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface (bsc#947159). - CVE-2015-7549: PCI null pointer dereferences (bsc#958917). - CVE-2015-8504: VNC floating point exception (bsc#958491). - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS (bsc#959005). - CVE-2015-8567: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386). - CVE-2015-8568: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386). - CVE-2015-8613: Wrong sized memset in megasas command handler (bsc#961358). - CVE-2015-8619: Potential DoS for long HMP sendkey command argument (bsc#960334). - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions (bsc#960725). - CVE-2015-8744: Incorrect l2 header validation could have lead to a crash via assert(2) call (bsc#960835). - CVE-2015-8745: Reading IMR registers could have lead to a crash via assert(2) call (bsc#960708). - CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332). - CVE-2016-1714: Potential OOB memory access in processing firmware configuration (bsc#961691). - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command (bsc#962320). - CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation by malicious privileged user within guest (bsc#963782). - CVE-2016-2198: Malicious privileged guest user were able to cause DoS by writing to read-only EHCI capabilities registers (bsc#964413). This non-security issue was fixed - bsc#886378: qemu truncates vhd images in virt-rescue Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12: zypper in -t patch SUSE-SLE-SERVER-12-2016-924=1 - SUSE Linux Enterprise Desktop 12: zypper in -t patch SUSE-SLE-DESKTOP-12-2016-924=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64): qemu-2.0.2-48.19.1 qemu-block-curl-2.0.2-48.19.1 qemu-block-curl-debuginfo-2.0.2-48.19.1 qemu-debugsource-2.0.2-48.19.1 qemu-guest-agent-2.0.2-48.19.1 qemu-guest-agent-debuginfo-2.0.2-48.19.1 qemu-lang-2.0.2-48.19.1 qemu-tools-2.0.2-48.19.1 qemu-tools-debuginfo-2.0.2-48.19.1 - SUSE Linux Enterprise Server 12 (s390x x86_64): qemu-kvm-2.0.2-48.19.1 - SUSE Linux Enterprise Server 12 (ppc64le): qemu-ppc-2.0.2-48.19.1 qemu-ppc-debuginfo-2.0.2-48.19.1 - SUSE Linux Enterprise Server 12 (x86_64): qemu-block-rbd-2.0.2-48.19.1 qemu-block-rbd-debuginfo-2.0.2-48.19.1 qemu-x86-2.0.2-48.19.1 qemu-x86-debuginfo-2.0.2-48.19.1 - SUSE Linux Enterprise Server 12 (noarch): qemu-ipxe-1.0.0-48.19.1 qemu-seabios-1.7.4-48.19.1 qemu-sgabios-8-48.19.1 qemu-vgabios-1.7.4-48.19.1 - SUSE Linux Enterprise Server 12 (s390x): qemu-s390-2.0.2-48.19.1 qemu-s390-debuginfo-2.0.2-48.19.1 - SUSE Linux Enterprise Desktop 12 (x86_64): qemu-2.0.2-48.19.1 qemu-block-curl-2.0.2-48.19.1 qemu-block-curl-debuginfo-2.0.2-48.19.1 qemu-debugsource-2.0.2-48.19.1 qemu-kvm-2.0.2-48.19.1 qemu-tools-2.0.2-48.19.1 qemu-tools-debuginfo-2.0.2-48.19.1 qemu-x86-2.0.2-48.19.1 qemu-x86-debuginfo-2.0.2-48.19.1 - SUSE Linux Enterprise Desktop 12 (noarch): qemu-ipxe-1.0.0-48.19.1 qemu-seabios-1.7.4-48.19.1 qemu-sgabios-8-48.19.1 qemu-vgabios-1.7.4-48.19.1 References: https://www.suse.com/security/cve/CVE-2014-3615.html https://www.suse.com/security/cve/CVE-2014-3689.html https://www.suse.com/security/cve/CVE-2014-9718.html https://www.suse.com/security/cve/CVE-2015-3214.html https://www.suse.com/security/cve/CVE-2015-5239.html https://www.suse.com/security/cve/CVE-2015-5745.html https://www.suse.com/security/cve/CVE-2015-7295.html https://www.suse.com/security/cve/CVE-2015-7549.html https://www.suse.com/security/cve/CVE-2015-8504.html https://www.suse.com/security/cve/CVE-2015-8558.html https://www.suse.com/security/cve/CVE-2015-8567.html https://www.suse.com/security/cve/CVE-2015-8568.html https://www.suse.com/security/cve/CVE-2015-8613.html https://www.suse.com/security/cve/CVE-2015-8619.html https://www.suse.com/security/cve/CVE-2015-8743.html https://www.suse.com/security/cve/CVE-2015-8744.html https://www.suse.com/security/cve/CVE-2015-8745.html https://www.suse.com/security/cve/CVE-2015-8817.html https://www.suse.com/security/cve/CVE-2015-8818.html https://www.suse.com/security/cve/CVE-2016-1568.html https://www.suse.com/security/cve/CVE-2016-1714.html https://www.suse.com/security/cve/CVE-2016-1922.html https://www.suse.com/security/cve/CVE-2016-1981.html https://www.suse.com/security/cve/CVE-2016-2198.html https://www.suse.com/security/cve/CVE-2016-2538.html https://www.suse.com/security/cve/CVE-2016-2841.html https://www.suse.com/security/cve/CVE-2016-2857.html https://www.suse.com/security/cve/CVE-2016-2858.html https://www.suse.com/security/cve/CVE-2016-3710.html https://www.suse.com/security/cve/CVE-2016-3712.html https://www.suse.com/security/cve/CVE-2016-4001.html https://www.suse.com/security/cve/CVE-2016-4002.html https://www.suse.com/security/cve/CVE-2016-4020.html https://www.suse.com/security/cve/CVE-2016-4037.html https://www.suse.com/security/cve/CVE-2016-4439.html https://www.suse.com/security/cve/CVE-2016-4441.html https://www.suse.com/security/cve/CVE-2016-4952.html https://bugzilla.suse.com/886378 https://bugzilla.suse.com/895528 https://bugzilla.suse.com/901508 https://bugzilla.suse.com/928393 https://bugzilla.suse.com/934069 https://bugzilla.suse.com/940929 https://bugzilla.suse.com/944463 https://bugzilla.suse.com/947159 https://bugzilla.suse.com/958491 https://bugzilla.suse.com/958917 https://bugzilla.suse.com/959005 https://bugzilla.suse.com/959386 https://bugzilla.suse.com/960334 https://bugzilla.suse.com/960708 https://bugzilla.suse.com/960725 https://bugzilla.suse.com/960835 https://bugzilla.suse.com/961332 https://bugzilla.suse.com/961333 https://bugzilla.suse.com/961358 https://bugzilla.suse.com/961556 https://bugzilla.suse.com/961691 https://bugzilla.suse.com/962320 https://bugzilla.suse.com/963782 https://bugzilla.suse.com/964413 https://bugzilla.suse.com/967969 https://bugzilla.suse.com/969121 https://bugzilla.suse.com/969122 https://bugzilla.suse.com/969350 https://bugzilla.suse.com/970036 https://bugzilla.suse.com/970037 https://bugzilla.suse.com/975128 https://bugzilla.suse.com/975136 https://bugzilla.suse.com/975700 https://bugzilla.suse.com/976109 https://bugzilla.suse.com/978158 https://bugzilla.suse.com/978160 https://bugzilla.suse.com/980711 https://bugzilla.suse.com/980723 https://bugzilla.suse.com/981266 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBV19ouYx+lLeg9Ub1AQhHCw//S4w+YMcIkWE1hkouG4qfqlHZlnB8V/jE zh9MYHXXI1KOugYxadxfYcfWg/f2Aniey0H9RFJs80h+imf19DOucYOAL38vyN6T UPi6RLSBcrF3qtMjbHgvjpHlQIaQowSBlu4c1mBbgEmeM2Sjl3txK37+3JdVqNr+ jHKzin595kTWcRllWpghj0JrjGFlBFAegz9KN+De8dZu0oZWvyH0IK+K8vTMPyHv mplHrdfMQJkaAI6MDLb5hvutD4dy43lL1Io2qD2mV4vVQaFMoH5H22tOLlpLNr4p 9kJa/qzPivFgxkkSh8yp5FZfGqZ+mkgVAPetNjZL35ikmoQ7NEKAZW4XJxhpYEkg 6ssg7BKFdzyeoKb56uL50C9Cpqe0eiVHTxKcFxnzTWUksqrqPQTAanXAXFq8w/JN QpK219ZDoOgVJRELc8xQb0ZUXDlfNzd3+jMax4/RLw0khLFkMbshJso5v1w4Ovg0 69geOM/cjJRZQkG6Wrp36xcG7ky7d8XhQxQrdZUTdtfJZtIYtxrjI3QwYIL2tzz/ OV/4khvqxn8/tgAb3ccjgEyXrnNSRPf4SOhItT5qidGR67VggJFwQFLlSK+05PO+ vZ9WAWevHsAMUbglrFtzLFHYrzl6DDEeBSemr3YFzpSkn+F1eINlQhCQj9/R8FNA q5dtss7hsQs= =6haq -----END PGP SIGNATURE-----