===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.1622
              SUSE Security Update: Security update for qemu
                               30 June 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          qemu
Publisher:        SUSE
Operating System: SUSE
Impact/Access:    Execute Arbitrary Code/Commands -- Existing Account
                  Denial of Service               -- Existing Account
                  Access Confidential Data        -- Existing Account
Resolution:       Patch/Upgrade
CVE Names:        CVE-2016-4952 CVE-2016-4441 CVE-2016-4439
                  CVE-2016-4037 CVE-2016-4020 CVE-2016-4002
                  CVE-2016-4001 CVE-2016-3712 CVE-2016-3710
                  CVE-2016-2858 CVE-2016-2857 CVE-2016-2841
                  CVE-2016-2538 CVE-2016-2198 CVE-2016-2197
                  CVE-2016-1981 CVE-2016-1922 CVE-2016-1714
                  CVE-2016-1568 CVE-2015-8818 CVE-2015-8817
                  CVE-2015-8745 CVE-2015-8744 CVE-2015-8743
                  CVE-2015-8619 CVE-2015-8613 CVE-2015-8568
                  CVE-2015-8567 CVE-2015-8558 CVE-2015-8504
                  CVE-2015-7549 CVE-2015-5745 

Reference:        ESB-2016.1618
                  ESB-2016.1480
                  ESB-2016.0862
                  ESB-2016.0803

--------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for qemu
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:1703-1
Rating:             important
References:         #886378 #940929 #958491 #958917 #959005 #959386 
                    #960334 #960708 #960725 #960835 #961332 #961333 
                    #961358 #961556 #961691 #962320 #963782 #964411 
                    #964413 #967969 #969121 #969122 #969350 #970036 
                    #970037 #975128 #975136 #975700 #976109 #978158 
                    #978160 #980711 #980723 #981266 
Cross-References:   CVE-2015-5745 CVE-2015-7549 CVE-2015-8504
                    CVE-2015-8558 CVE-2015-8567 CVE-2015-8568
                    CVE-2015-8613 CVE-2015-8619 CVE-2015-8743
                    CVE-2015-8744 CVE-2015-8745 CVE-2015-8817
                    CVE-2015-8818 CVE-2016-1568 CVE-2016-1714
                    CVE-2016-1922 CVE-2016-1981 CVE-2016-2197
                    CVE-2016-2198 CVE-2016-2538 CVE-2016-2841
                    CVE-2016-2857 CVE-2016-2858 CVE-2016-3710
                    CVE-2016-3712 CVE-2016-4001 CVE-2016-4002
                    CVE-2016-4020 CVE-2016-4037 CVE-2016-4439
                    CVE-2016-4441 CVE-2016-4952
Affected Products:
                    SUSE Linux Enterprise Server 12-SP1
                    SUSE Linux Enterprise Desktop 12-SP1
______________________________________________________________________________

   An update that solves 32 vulnerabilities and has two fixes
   is now available.

Description:

   qemu was updated to fix 29 security issues.

   These security issues were fixed:
   - CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711)
   - CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723)
   - CVE-2016-4952: Avoid OOB access in VMware PV SCSI emulation (bsc#981266)
   - CVE-2015-8817: Avoid OOB access in PCI dma I/O (bsc#969121)
   - CVE-2015-8818: Avoid OOB access in PCI dma I/O (bsc#969122)
   - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for
     guest escape (bsc#978158)
   - CVE-2016-3712: Fixed VGA emulation based DOS and OOB read access exploit
     (bsc#978160)
   - CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109)
   - CVE-2016-2538: Fixed potential OOB access in USB net device emulation
     (bsc#967969)
   - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350)
   - CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number
     generator (bsc#970036)
   - CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037)
   - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic
     (bsc#975128)
   - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller
     (bsc#975136)
   - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access
     (bsc#975700)
   - CVE-2016-2197: Prevent AHCI NULL pointer dereference when using FIS CLB
     engine (bsc#964411)
   - CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929).
   - CVE-2015-7549: PCI null pointer dereferences (bsc#958917).
   - CVE-2015-8504: VNC floating point exception (bsc#958491).
   - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS
     (bsc#959005).
   - CVE-2015-8567: A guest repeatedly activating a vmxnet3 device can leak
     host memory (bsc#959386).
   - CVE-2015-8568: A guest repeatedly activating a vmxnet3 device can leak
     host memory (bsc#959386).
   - CVE-2015-8613: Wrong sized memset in megasas command handler
     (bsc#961358).
   - CVE-2015-8619: Potential DoS for long HMP sendkey command argument
     (bsc#960334).
   - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions
     (bsc#960725).
   - CVE-2015-8744: Incorrect l2 header validation could have led to a crash
     via assert(2) call (bsc#960835).
   - CVE-2015-8745: Reading IMR registers could have led to a crash via
     assert(2) call (bsc#960708).
   - CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332).
   - CVE-2016-1714: Potential OOB memory access in processing firmware
     configuration (bsc#961691).
   - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command
     (bsc#962320).
   - CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation
     by malicious privileged user within guest (bsc#963782).
   - CVE-2016-2198: A malicious privileged guest user was able to cause DoS by
     writing to read-only EHCI capabilities registers (bsc#964413).

   This non-security issue was fixed:
   - bsc#886378: qemu truncates vhd images in virt-rescue


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP1:

      zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1007=1

   - SUSE Linux Enterprise Desktop 12-SP1:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1007=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le s390x x86_64):

      qemu-2.3.1-14.1
      qemu-block-curl-2.3.1-14.1
      qemu-block-curl-debuginfo-2.3.1-14.1
      qemu-debugsource-2.3.1-14.1
      qemu-guest-agent-2.3.1-14.1
      qemu-guest-agent-debuginfo-2.3.1-14.1
      qemu-lang-2.3.1-14.1
      qemu-tools-2.3.1-14.1
      qemu-tools-debuginfo-2.3.1-14.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x x86_64):

      qemu-kvm-2.3.1-14.1

   - SUSE Linux Enterprise Server 12-SP1 (ppc64le):

      qemu-ppc-2.3.1-14.1
      qemu-ppc-debuginfo-2.3.1-14.1

   - SUSE Linux Enterprise Server 12-SP1 (noarch):

      qemu-ipxe-1.0.0-14.1
      qemu-seabios-1.8.1-14.1
      qemu-sgabios-8-14.1
      qemu-vgabios-1.8.1-14.1

   - SUSE Linux Enterprise Server 12-SP1 (x86_64):

      qemu-block-rbd-2.3.1-14.1
      qemu-block-rbd-debuginfo-2.3.1-14.1
      qemu-x86-2.3.1-14.1

   - SUSE Linux Enterprise Server 12-SP1 (s390x):

      qemu-s390-2.3.1-14.1
      qemu-s390-debuginfo-2.3.1-14.1

   - SUSE Linux Enterprise Desktop 12-SP1 (x86_64):

      qemu-2.3.1-14.1
      qemu-block-curl-2.3.1-14.1
      qemu-block-curl-debuginfo-2.3.1-14.1
      qemu-debugsource-2.3.1-14.1
      qemu-kvm-2.3.1-14.1
      qemu-tools-2.3.1-14.1
      qemu-tools-debuginfo-2.3.1-14.1
      qemu-x86-2.3.1-14.1

   - SUSE Linux Enterprise Desktop 12-SP1 (noarch):

      qemu-ipxe-1.0.0-14.1
      qemu-seabios-1.8.1-14.1
      qemu-sgabios-8-14.1
      qemu-vgabios-1.8.1-14.1
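
   A post-patch check for the package list above, as an added example that
   is not part of the SUSE or AusCERT text. The function names (ver_lt, audit,
   sample_inventory) and the sample inventory are constructed for illustration,
   and the version comparison is a simplified numeric one, not rpm's own.

```shell
# Fixed builds from the advisory's Package List (debuginfo/debugsource omitted).
FIXED='qemu 2.3.1-14.1
qemu-block-curl 2.3.1-14.1
qemu-block-rbd 2.3.1-14.1
qemu-guest-agent 2.3.1-14.1
qemu-kvm 2.3.1-14.1
qemu-lang 2.3.1-14.1
qemu-ppc 2.3.1-14.1
qemu-s390 2.3.1-14.1
qemu-tools 2.3.1-14.1
qemu-x86 2.3.1-14.1
qemu-ipxe 1.0.0-14.1
qemu-seabios 1.8.1-14.1
qemu-sgabios 8-14.1
qemu-vgabios 1.8.1-14.1'

# ver_lt A B: succeed when A is strictly older than B (numeric fields only; an assumption).
ver_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, /[.-]/); nb = split(b, y, /[.-]/)
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 1
  }'
}

# audit: read "name version-release" lines on stdin; return 1 if any is below the fixed build.
audit() {
  rc=0
  while read -r name ver; do
    want=$(printf '%s\n' "$FIXED" | awk -v n="$name" '$1 == n { print $2 }')
    [ -n "$want" ] || continue        # package not covered by this advisory
    if ver_lt "$ver" "$want"; then
      echo "OUTDATED $name $ver (fixed in $want)"
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample inventory; on a real host pipe this into audit instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'qemu*'
sample_inventory() {
  printf '%s\n' 'qemu 2.3.1-14.1' 'qemu-tools 2.3.1-8.1' \
    'qemu-ipxe 1.0.0-5.1' 'libvirt 1.2.18-1.1'
}
```

   A non-zero exit status from audit means at least one listed package is
   still below the fixed build. Running QEMU processes must also be restarted
   before the updated binaries take effect.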


References:

   https://www.suse.com/security/cve/CVE-2015-5745.html
   https://www.suse.com/security/cve/CVE-2015-7549.html
   https://www.suse.com/security/cve/CVE-2015-8504.html
   https://www.suse.com/security/cve/CVE-2015-8558.html
   https://www.suse.com/security/cve/CVE-2015-8567.html
   https://www.suse.com/security/cve/CVE-2015-8568.html
   https://www.suse.com/security/cve/CVE-2015-8613.html
   https://www.suse.com/security/cve/CVE-2015-8619.html
   https://www.suse.com/security/cve/CVE-2015-8743.html
   https://www.suse.com/security/cve/CVE-2015-8744.html
   https://www.suse.com/security/cve/CVE-2015-8745.html
   https://www.suse.com/security/cve/CVE-2015-8817.html
   https://www.suse.com/security/cve/CVE-2015-8818.html
   https://www.suse.com/security/cve/CVE-2016-1568.html
   https://www.suse.com/security/cve/CVE-2016-1714.html
   https://www.suse.com/security/cve/CVE-2016-1922.html
   https://www.suse.com/security/cve/CVE-2016-1981.html
   https://www.suse.com/security/cve/CVE-2016-2197.html
   https://www.suse.com/security/cve/CVE-2016-2198.html
   https://www.suse.com/security/cve/CVE-2016-2538.html
   https://www.suse.com/security/cve/CVE-2016-2841.html
   https://www.suse.com/security/cve/CVE-2016-2857.html
   https://www.suse.com/security/cve/CVE-2016-2858.html
   https://www.suse.com/security/cve/CVE-2016-3710.html
   https://www.suse.com/security/cve/CVE-2016-3712.html
   https://www.suse.com/security/cve/CVE-2016-4001.html
   https://www.suse.com/security/cve/CVE-2016-4002.html
   https://www.suse.com/security/cve/CVE-2016-4020.html
   https://www.suse.com/security/cve/CVE-2016-4037.html
   https://www.suse.com/security/cve/CVE-2016-4439.html
   https://www.suse.com/security/cve/CVE-2016-4441.html
   https://www.suse.com/security/cve/CVE-2016-4952.html
   https://bugzilla.suse.com/886378
   https://bugzilla.suse.com/940929
   https://bugzilla.suse.com/958491
   https://bugzilla.suse.com/958917
   https://bugzilla.suse.com/959005
   https://bugzilla.suse.com/959386
   https://bugzilla.suse.com/960334
   https://bugzilla.suse.com/960708
   https://bugzilla.suse.com/960725
   https://bugzilla.suse.com/960835
   https://bugzilla.suse.com/961332
   https://bugzilla.suse.com/961333
   https://bugzilla.suse.com/961358
   https://bugzilla.suse.com/961556
   https://bugzilla.suse.com/961691
   https://bugzilla.suse.com/962320
   https://bugzilla.suse.com/963782
   https://bugzilla.suse.com/964411
   https://bugzilla.suse.com/964413
   https://bugzilla.suse.com/967969
   https://bugzilla.suse.com/969121
   https://bugzilla.suse.com/969122
   https://bugzilla.suse.com/969350
   https://bugzilla.suse.com/970036
   https://bugzilla.suse.com/970037
   https://bugzilla.suse.com/975128
   https://bugzilla.suse.com/975136
   https://bugzilla.suse.com/975700
   https://bugzilla.suse.com/976109
   https://bugzilla.suse.com/978158
   https://bugzilla.suse.com/978160
   https://bugzilla.suse.com/980711
   https://bugzilla.suse.com/980723
   https://bugzilla.suse.com/981266

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================