Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.1622 SUSE Security Update: Security update for qemu 30 June 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: qemu Publisher: SUSE Operating System: SUSE Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Denial of Service -- Existing Account Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2016-4952 CVE-2016-4441 CVE-2016-4439 CVE-2016-4037 CVE-2016-4020 CVE-2016-4002 CVE-2016-4001 CVE-2016-3712 CVE-2016-3710 CVE-2016-2858 CVE-2016-2857 CVE-2016-2841 CVE-2016-2538 CVE-2016-2198 CVE-2016-2197 CVE-2016-1981 CVE-2016-1922 CVE-2016-1714 CVE-2016-1568 CVE-2015-8818 CVE-2015-8817 CVE-2015-8745 CVE-2015-8744 CVE-2015-8743 CVE-2015-8619 CVE-2015-8613 CVE-2015-8568 CVE-2015-8567 CVE-2015-8558 CVE-2015-8504 CVE-2015-7549 CVE-2015-5745 Reference: ESB-2016.1618 ESB-2016.1480 ESB-2016.0862 ESB-2016.0803 - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2016:1703-1 Rating: important References: #886378 #940929 #958491 #958917 #959005 #959386 #960334 #960708 #960725 #960835 #961332 #961333 #961358 #961556 #961691 #962320 #963782 #964411 #964413 #967969 #969121 #969122 #969350 #970036 #970037 #975128 #975136 #975700 #976109 #978158 #978160 #980711 #980723 #981266 Cross-References: CVE-2015-5745 CVE-2015-7549 CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2015-8817 CVE-2015-8818 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2197 CVE-2016-2198 CVE-2016-2538 CVE-2016-2841 CVE-2016-2857 CVE-2016-2858 CVE-2016-3710 CVE-2016-3712 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441 CVE-2016-4952 Affected Products: SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 ______________________________________________________________________________ An update that solves 32 vulnerabilities and has two fixes is now available. Description: qemu was updated to fix 29 security issues. These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711) - CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723) - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation (bsc#981266) - CVE-2015-8817: Avoid OOB access in PCI dma I/O (bsc#969121) - CVE-2015-8818: Avoid OOB access in PCI dma I/O (bsc#969122) - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape (bsc#978158) - CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit (bsc#978160) - CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109) - CVE-2016-2538: Fixed potential OOB access in USB net device emulation (bsc#967969) - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350) - CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number generator (bsc#970036) - CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037) - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic (bsc#975128) - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller (bsc#975136) - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access (bsc#975700) - CVE-2016-2197: Prevent AHCI NULL pointer dereference when using FIS CLB engine (bsc#964411) - CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929). - CVE-2015-7549: PCI null pointer dereferences (bsc#958917). - CVE-2015-8504: VNC floating point exception (bsc#958491). - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS (bsc#959005). - CVE-2015-8567: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386). - CVE-2015-8568: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386). - CVE-2015-8613: Wrong sized memset in megasas command handler (bsc#961358). - CVE-2015-8619: Potential DoS for long HMP sendkey command argument (bsc#960334). - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions (bsc#960725). - CVE-2015-8744: Incorrect l2 header validation could have lead to a crash via assert(2) call (bsc#960835). - CVE-2015-8745: Reading IMR registers could have lead to a crash via assert(2) call (bsc#960708). - CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332). - CVE-2016-1714: Potential OOB memory access in processing firmware configuration (bsc#961691). - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command (bsc#962320). - CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation by malicious privileged user within guest (bsc#963782). - CVE-2016-2198: Malicious privileged guest user were able to cause DoS by writing to read-only EHCI capabilities registers (bsc#964413). This non-security issue was fixed - bsc#886378: qemu truncates vhd images in virt-rescue Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1007=1 - SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1007=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64): qemu-2.3.1-14.1 qemu-block-curl-2.3.1-14.1 qemu-block-curl-debuginfo-2.3.1-14.1 qemu-debugsource-2.3.1-14.1 qemu-guest-agent-2.3.1-14.1 qemu-guest-agent-debuginfo-2.3.1-14.1 qemu-lang-2.3.1-14.1 qemu-tools-2.3.1-14.1 qemu-tools-debuginfo-2.3.1-14.1 - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64): qemu-kvm-2.3.1-14.1 - SUSE Linux Enterprise Server 12-SP1 (ppc64le): qemu-ppc-2.3.1-14.1 qemu-ppc-debuginfo-2.3.1-14.1 - SUSE Linux Enterprise Server 12-SP1 (noarch): qemu-ipxe-1.0.0-14.1 qemu-seabios-1.8.1-14.1 qemu-sgabios-8-14.1 qemu-vgabios-1.8.1-14.1 - SUSE Linux Enterprise Server 12-SP1 (x86_64): qemu-block-rbd-2.3.1-14.1 qemu-block-rbd-debuginfo-2.3.1-14.1 qemu-x86-2.3.1-14.1 - SUSE Linux Enterprise Server 12-SP1 (s390x): qemu-s390-2.3.1-14.1 qemu-s390-debuginfo-2.3.1-14.1 - SUSE Linux Enterprise Desktop 12-SP1 (x86_64): qemu-2.3.1-14.1 qemu-block-curl-2.3.1-14.1 qemu-block-curl-debuginfo-2.3.1-14.1 qemu-debugsource-2.3.1-14.1 qemu-kvm-2.3.1-14.1 qemu-tools-2.3.1-14.1 qemu-tools-debuginfo-2.3.1-14.1 qemu-x86-2.3.1-14.1 - SUSE Linux Enterprise Desktop 12-SP1 (noarch): qemu-ipxe-1.0.0-14.1 qemu-seabios-1.8.1-14.1 qemu-sgabios-8-14.1 qemu-vgabios-1.8.1-14.1 References: https://www.suse.com/security/cve/CVE-2015-5745.html https://www.suse.com/security/cve/CVE-2015-7549.html https://www.suse.com/security/cve/CVE-2015-8504.html https://www.suse.com/security/cve/CVE-2015-8558.html https://www.suse.com/security/cve/CVE-2015-8567.html https://www.suse.com/security/cve/CVE-2015-8568.html https://www.suse.com/security/cve/CVE-2015-8613.html https://www.suse.com/security/cve/CVE-2015-8619.html https://www.suse.com/security/cve/CVE-2015-8743.html https://www.suse.com/security/cve/CVE-2015-8744.html https://www.suse.com/security/cve/CVE-2015-8745.html https://www.suse.com/security/cve/CVE-2015-8817.html https://www.suse.com/security/cve/CVE-2015-8818.html https://www.suse.com/security/cve/CVE-2016-1568.html https://www.suse.com/security/cve/CVE-2016-1714.html https://www.suse.com/security/cve/CVE-2016-1922.html https://www.suse.com/security/cve/CVE-2016-1981.html https://www.suse.com/security/cve/CVE-2016-2197.html https://www.suse.com/security/cve/CVE-2016-2198.html https://www.suse.com/security/cve/CVE-2016-2538.html https://www.suse.com/security/cve/CVE-2016-2841.html https://www.suse.com/security/cve/CVE-2016-2857.html https://www.suse.com/security/cve/CVE-2016-2858.html https://www.suse.com/security/cve/CVE-2016-3710.html https://www.suse.com/security/cve/CVE-2016-3712.html https://www.suse.com/security/cve/CVE-2016-4001.html https://www.suse.com/security/cve/CVE-2016-4002.html https://www.suse.com/security/cve/CVE-2016-4020.html https://www.suse.com/security/cve/CVE-2016-4037.html https://www.suse.com/security/cve/CVE-2016-4439.html https://www.suse.com/security/cve/CVE-2016-4441.html https://www.suse.com/security/cve/CVE-2016-4952.html https://bugzilla.suse.com/886378 https://bugzilla.suse.com/940929 https://bugzilla.suse.com/958491 https://bugzilla.suse.com/958917 https://bugzilla.suse.com/959005 https://bugzilla.suse.com/959386 https://bugzilla.suse.com/960334 https://bugzilla.suse.com/960708 https://bugzilla.suse.com/960725 https://bugzilla.suse.com/960835 https://bugzilla.suse.com/961332 https://bugzilla.suse.com/961333 https://bugzilla.suse.com/961358 https://bugzilla.suse.com/961556 https://bugzilla.suse.com/961691 https://bugzilla.suse.com/962320 https://bugzilla.suse.com/963782 https://bugzilla.suse.com/964411 https://bugzilla.suse.com/964413 https://bugzilla.suse.com/967969 https://bugzilla.suse.com/969121 https://bugzilla.suse.com/969122 https://bugzilla.suse.com/969350 https://bugzilla.suse.com/970036 https://bugzilla.suse.com/970037 https://bugzilla.suse.com/975128 https://bugzilla.suse.com/975136 https://bugzilla.suse.com/975700 https://bugzilla.suse.com/976109 https://bugzilla.suse.com/978158 https://bugzilla.suse.com/978160 https://bugzilla.suse.com/980711 https://bugzilla.suse.com/980723 https://bugzilla.suse.com/981266 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBV3R+JYx+lLeg9Ub1AQhTixAAkFFY38cRQlCQXy8hkCAvlT42xIA6buEU f+r0v2W/atkVvke46uWx5IQ19NxnT2+bl19OsgAs0z8AobT5ZhhEPn5ImJG5OpVb HD3sYHSO5R0oTL47jia+KMt2RZqkd5MVt9dNkSeVEHWVhSKtBmG4VdrGMIayg4m9 DrwD4Xj6t/Msp1nEltWswKnc+NF1Z6eKqgdY9th4IKhegL4rnTQ/pHvJOpaMSODr nKnCg+2D+O0mug9FlTgVK7VfY+k5cr23dmHRxiwtidarRRJKr15sqCfvU4eydZ4J hBPWYLn8JsZX/Xqk5OOF3xlFIogQtsu5GqANtC9lAJct0r7+1r1iHMWdeGBmDiJP 3jIqhO9upVmBHwRx4wXAmWDyI8Lh29woGyjd+4R+XBpjYbgIdzlzsEsy2ZiSxD2V XbmjHCmHv6f0cI+ADXO7dLUeHv6TXNlK2X26sFq3ey8/l4DUuybgyySXn9d9rbzZ FcVfBytoh1Fc1eSGeAwdM7hopUykP/uqWa0jqWWNJNe1YMRy8gJ1hQDVJDxt7dM/ stv6AiVOPwd7E04r/5KesNRe4096WZB8ASDDoeJly/BaoDV1dFBcol/TtlqOfJk0 fTduP6wo1ke1m/hDKFfO/ZLWWHDeDT1Cxj6tdOERkwgqJ9yYa4SBfraQyxoGZnJa wum9UgzFK3g= =hn0P -----END PGP SIGNATURE-----