Jump to content
Compatible Support Forums
Sign in to follow this  
news

[security-announce] SUSE-SU-2016:1698-1: important: Security update for kvm

Recommended Posts

SUSE Security Update: Security update for kvm

______________________________________________________________________________

 

Announcement ID: SUSE-SU-2016:1698-1

Rating: important

References: #895528 #901508 #928393 #934069 #936132 #940929

#944463 #945404 #945987 #945989 #947159 #958491

#958917 #959005 #960334 #960725 #961332 #961333

#961358 #961556 #961691 #962320 #963782 #964413

#967969 #969350 #970036 #970037 #975128 #975136

#975700 #976109 #978158 #978160 #980711 #980723

 

Cross-References: CVE-2014-3615 CVE-2014-3689 CVE-2014-9718

CVE-2015-3214 CVE-2015-5239 CVE-2015-5278

CVE-2015-5279 CVE-2015-5745 CVE-2015-6855

CVE-2015-7295 CVE-2015-7549 CVE-2015-8504

CVE-2015-8558 CVE-2015-8613 CVE-2015-8619

CVE-2015-8743 CVE-2016-1568 CVE-2016-1714

CVE-2016-1922 CVE-2016-1981 CVE-2016-2198

CVE-2016-2538 CVE-2016-2841 CVE-2016-2857

CVE-2016-2858 CVE-2016-3710 CVE-2016-3712

CVE-2016-4001 CVE-2016-4002 CVE-2016-4020

CVE-2016-4037 CVE-2016-4439 CVE-2016-4441

 

Affected Products:

SUSE Linux Enterprise Server 11-SP3-LTSS

______________________________________________________________________________

 

An update that solves 33 vulnerabilities and has three

fixes is now available.

 

Description:

 

kvm was updated to fix 33 security issues.

 

These security issues were fixed:

- CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711)

- CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723)

- CVE-2016-3710: Fixed VGA emulation based OOB access with potential for

guest escape (bsc#978158)

- CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit

(bsc#978160)

- CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109)

- CVE-2016-2538: Fixed potential OOB access in USB net device emulation

(bsc#967969)

- CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350)

- CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number

generator (bsc#970036)

- CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037)

- CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic

(bsc#975128)

- CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller

(bsc#975136)

- CVE-2016-4020: Fixed possible host data leakage to guest from TPR access

(bsc#975700)

- CVE-2015-3214: Fixed OOB read in i8254 PIC (bsc#934069)

- CVE-2014-9718: Fixed the handling of malformed or short ide PRDTs to

avoid any opportunity for guest to cause DoS by abusing that interface

(bsc#928393)

- CVE-2014-3689: Fixed insufficient parameter validation in rectangle

functions (bsc#901508)

- CVE-2014-3615: The VGA emulator in QEMU allowed local guest users to

read host memory by setting the display to a high resolution

(bsc#895528).

- CVE-2015-5239: Integer overflow in vnc_client_read() and

protocol_client_msg() (bsc#944463).

- CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989).

- CVE-2015-5279: Heap-based buffer overflow in the ne2000_receive function

in hw/net/ne2000.c in QEMU allowed guest OS users to cause a denial of

service (instance crash) or possibly execute arbitrary code via vectors

related to receiving packets (bsc#945987).

- CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929).

- CVE-2015-6855: hw/ide/core.c in QEMU did not properly restrict the

commands accepted by an ATAPI device, which allowed guest users to cause

a denial of service or possibly have unspecified other impact via

certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command

to an empty drive, which triggers a divide-by-zero error and instance

crash (bsc#945404).

- CVE-2015-7295: hw/virtio/virtio.c in the Virtual Network Device

(virtio-net) support in QEMU, when big or mergeable receive buffers are

not supported, allowed remote attackers to cause a denial of service

(guest network consumption) via a flood of jumbo frames on the (1)

tuntap or (2) macvtap interface (bsc#947159).

- CVE-2015-7549: PCI null pointer dereferences (bsc#958917).

- CVE-2015-8504: VNC floating point exception (bsc#958491).

- CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS

(bsc#959005).

- CVE-2015-8613: Wrong sized memset in megasas command handler

(bsc#961358).

- CVE-2015-8619: Potential DoS for long HMP sendkey command argument

(bsc#960334).

- CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions

(bsc#960725).

- CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332).

- CVE-2016-1714: Potential OOB memory access in processing firmware

configuration (bsc#961691).

- CVE-2016-1922: NULL pointer dereference when processing hmp i/o command

(bsc#962320).

- CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation

by malicious privileged user within guest (bsc#963782).

- CVE-2016-2198: Malicious privileged guest user were able to cause DoS by

writing to read-only EHCI capabilities registers (bsc#964413).

 

This non-security issue was fixed:

- Fix case of IDE interface needing busy status set before flush

(bsc#936132)

 

 

Patch Instructions:

 

To install this SUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

 

- SUSE Linux Enterprise Server 11-SP3-LTSS:

 

zypper in -t patch slessp3-kvm-12634=1

 

To bring your system up-to-date, use "zypper patch".

 

 

Package List:

 

- SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

 

kvm-1.4.2-46.1

 

 

References:

 

https://www.suse.com/security/cve/CVE-2014-3615.html

https://www.suse.com/security/cve/CVE-2014-3689.html

https://www.suse.com/security/cve/CVE-2014-9718.html

https://www.suse.com/security/cve/CVE-2015-3214.html

https://www.suse.com/security/cve/CVE-2015-5239.html

https://www.suse.com/security/cve/CVE-2015-5278.html

https://www.suse.com/security/cve/CVE-2015-5279.html

https://www.suse.com/security/cve/CVE-2015-5745.html

https://www.suse.com/security/cve/CVE-2015-6855.html

https://www.suse.com/security/cve/CVE-2015-7295.html

https://www.suse.com/security/cve/CVE-2015-7549.html

https://www.suse.com/security/cve/CVE-2015-8504.html

https://www.suse.com/security/cve/CVE-2015-8558.html

https://www.suse.com/security/cve/CVE-2015-8613.html

https://www.suse.com/security/cve/CVE-2015-8619.html

https://www.suse.com/security/cve/CVE-2015-8743.html

https://www.suse.com/security/cve/CVE-2016-1568.html

https://www.suse.com/security/cve/CVE-2016-1714.html

https://www.suse.com/security/cve/CVE-2016-1922.html

https://www.suse.com/security/cve/CVE-2016-1981.html

https://www.suse.com/security/cve/CVE-2016-2198.html

https://www.suse.com/security/cve/CVE-2016-2538.html

https://www.suse.com/security/cve/CVE-2016-2841.html

https://www.suse.com/security/cve/CVE-2016-2857.html

https://www.suse.com/security/cve/CVE-2016-2858.html

https://www.suse.com/security/cve/CVE-2016-3710.html

https://www.suse.com/security/cve/CVE-2016-3712.html

https://www.suse.com/security/cve/CVE-2016-4001.html

https://www.suse.com/security/cve/CVE-2016-4002.html

https://www.suse.com/security/cve/CVE-2016-4020.html

https://www.suse.com/security/cve/CVE-2016-4037.html

https://www.suse.com/security/cve/CVE-2016-4439.html

https://www.suse.com/security/cve/CVE-2016-4441.html

https://bugzilla.suse.com/895528

https://bugzilla.suse.com/901508

https://bugzilla.suse.com/928393

https://bugzilla.suse.com/934069

https://bugzilla.suse.com/936132

https://bugzilla.suse.com/940929

https://bugzilla.suse.com/944463

https://bugzilla.suse.com/945404

https://bugzilla.suse.com/945987

https://bugzilla.suse.com/945989

https://bugzilla.suse.com/947159

https://bugzilla.suse.com/958491

https://bugzilla.suse.com/958917

https://bugzilla.suse.com/959005

https://bugzilla.suse.com/960334

https://bugzilla.suse.com/960725

https://bugzilla.suse.com/961332

https://bugzilla.suse.com/961333

https://bugzilla.suse.com/961358

https://bugzilla.suse.com/961556

https://bugzilla.suse.com/961691

https://bugzilla.suse.com/962320

https://bugzilla.suse.com/963782

https://bugzilla.suse.com/964413

https://bugzilla.suse.com/967969

https://bugzilla.suse.com/969350

https://bugzilla.suse.com/970036

https://bugzilla.suse.com/970037

https://bugzilla.suse.com/975128

https://bugzilla.suse.com/975136

https://bugzilla.suse.com/975700

https://bugzilla.suse.com/976109

https://bugzilla.suse.com/978158

https://bugzilla.suse.com/978160

https://bugzilla.suse.com/980711

https://bugzilla.suse.com/980723

 

--

To unsubscribe, e-mail: opensuse-security-announce+unsubscribe ( -at -) opensuse.org

For additional commands, e-mail: opensuse-security-announce+help ( -at -) opensuse.org

 

 

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×