Security update for qemu

Announcement ID:	SUSE-SU-2016:1703-1
Rating:	important
References:	bsc#886378 bsc#940929 bsc#958491 bsc#958917 bsc#959005 bsc#959386 bsc#960334 bsc#960708 bsc#960725 bsc#960835 bsc#961332 bsc#961333 bsc#961358 bsc#961556 bsc#961691 bsc#962320 bsc#963782 bsc#964411 bsc#964413 bsc#967969 bsc#969121 bsc#969122 bsc#969350 bsc#970036 bsc#970037 bsc#975128 bsc#975136 bsc#975700 bsc#976109 bsc#978158 bsc#978160 bsc#980711 bsc#980723 bsc#981266
Cross-References:	CVE-2015-5745 CVE-2015-7549 CVE-2015-8504 CVE-2015-8558 CVE-2015-8567 CVE-2015-8568 CVE-2015-8613 CVE-2015-8619 CVE-2015-8743 CVE-2015-8744 CVE-2015-8745 CVE-2015-8817 CVE-2015-8818 CVE-2016-1568 CVE-2016-1714 CVE-2016-1922 CVE-2016-1981 CVE-2016-2197 CVE-2016-2198 CVE-2016-2538 CVE-2016-2841 CVE-2016-2857 CVE-2016-2858 CVE-2016-3710 CVE-2016-3712 CVE-2016-4001 CVE-2016-4002 CVE-2016-4020 CVE-2016-4037 CVE-2016-4439 CVE-2016-4441 CVE-2016-4952
CVSS scores:	CVE-2015-5745 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2015-7549 ( NVD ): 6.0 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2015-8504 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2015-8558 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2015-8567 ( NVD ): 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2015-8568 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2015-8613 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2015-8743 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2015-8744 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2015-8745 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2015-8817 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2015-8818 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2016-1568 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2016-1568 ( NVD ): 8.5 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2016-1714 ( NVD ): 8.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2016-1922 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2016-1922 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2016-1981 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2016-1981 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2016-2197 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2016-2198 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2016-2198 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2016-2538 ( NVD ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2016-2841 ( NVD ): 6.0 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2016-2857 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H CVE-2016-2857 ( NVD ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2016-2858 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2016-2858 ( NVD ): 5.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2016-3710 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2016-3710 ( NVD ): 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2016-3712 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2016-3712 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2016-4001 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2016-4001 ( NVD ): 6.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2016-4002 ( NVD ): 9.0 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2016-4020 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2016-4020 ( NVD ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2016-4037 ( NVD ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2016-4037 ( NVD ): 6.0 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2016-4439 ( NVD ): 8.2 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2016-4441 ( NVD ): 6.0 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H CVE-2016-4952 ( NVD ): 5.3 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP1

An update that solves 32 vulnerabilities and has two security fixes can now be installed.

Description:

qemu was updated to fix 29 security issues.

These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711) - CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723) - CVE-2016-4952: Avoid OOB access in Vmware PV SCSI emulation (bsc#981266) - CVE-2015-8817: Avoid OOB access in PCI dma I/O (bsc#969121) - CVE-2015-8818: Avoid OOB access in PCI dma I/O (bsc#969122) - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape (bsc#978158) - CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit (bsc#978160) - CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109) - CVE-2016-2538: Fixed potential OOB access in USB net device emulation (bsc#967969) - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350) - CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number generator (bsc#970036) - CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037) - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic (bsc#975128) - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller (bsc#975136) - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access (bsc#975700) - CVE-2016-2197: Prevent AHCI NULL pointer dereference when using FIS CLB engine (bsc#964411) - CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929). - CVE-2015-7549: PCI null pointer dereferences (bsc#958917). - CVE-2015-8504: VNC floating point exception (bsc#958491). - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS (bsc#959005). - CVE-2015-8567: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386). - CVE-2015-8568: A guest repeatedly activating a vmxnet3 device can leak host memory (bsc#959386). - CVE-2015-8613: Wrong sized memset in megasas command handler (bsc#961358). - CVE-2015-8619: Potential DoS for long HMP sendkey command argument (bsc#960334). - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions (bsc#960725). - CVE-2015-8744: Incorrect l2 header validation could have lead to a crash via assert(2) call (bsc#960835). - CVE-2015-8745: Reading IMR registers could have lead to a crash via assert(2) call (bsc#960708). - CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332). - CVE-2016-1714: Potential OOB memory access in processing firmware configuration (bsc#961691). - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command (bsc#962320). - CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation by malicious privileged user within guest (bsc#963782). - CVE-2016-2198: Malicious privileged guest user were able to cause DoS by writing to read-only EHCI capabilities registers (bsc#964413).

This non-security issue was fixed - bsc#886378: qemu truncates vhd images in virt-rescue

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12 SP1
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1007=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1007=1
• SUSE Linux Enterprise Server 12 SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1007=1

Package List:

• SUSE Linux Enterprise Desktop 12 SP1 (x86_64)
  • qemu-block-curl-debuginfo-2.3.1-14.1
  • qemu-debugsource-2.3.1-14.1
  • qemu-kvm-2.3.1-14.1
  • qemu-tools-debuginfo-2.3.1-14.1
  • qemu-block-curl-2.3.1-14.1
  • qemu-2.3.1-14.1
  • qemu-tools-2.3.1-14.1
  • qemu-x86-2.3.1-14.1
• SUSE Linux Enterprise Desktop 12 SP1 (noarch)
  • qemu-vgabios-1.8.1-14.1
  • qemu-seabios-1.8.1-14.1
  • qemu-ipxe-1.0.0-14.1
  • qemu-sgabios-8-14.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
  • qemu-block-curl-debuginfo-2.3.1-14.1
  • qemu-debugsource-2.3.1-14.1
  • qemu-lang-2.3.1-14.1
  • qemu-tools-debuginfo-2.3.1-14.1
  • qemu-guest-agent-2.3.1-14.1
  • qemu-block-curl-2.3.1-14.1
  • qemu-2.3.1-14.1
  • qemu-tools-2.3.1-14.1
  • qemu-guest-agent-debuginfo-2.3.1-14.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le)
  • qemu-ppc-2.3.1-14.1
  • qemu-ppc-debuginfo-2.3.1-14.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (x86_64)
  • qemu-x86-2.3.1-14.1
  • qemu-block-rbd-debuginfo-2.3.1-14.1
  • qemu-block-rbd-2.3.1-14.1
  • qemu-kvm-2.3.1-14.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (noarch)
  • qemu-vgabios-1.8.1-14.1
  • qemu-seabios-1.8.1-14.1
  • qemu-ipxe-1.0.0-14.1
  • qemu-sgabios-8-14.1
• SUSE Linux Enterprise Server 12 SP1 (ppc64le s390x x86_64)
  • qemu-block-curl-debuginfo-2.3.1-14.1
  • qemu-debugsource-2.3.1-14.1
  • qemu-lang-2.3.1-14.1
  • qemu-tools-debuginfo-2.3.1-14.1
  • qemu-guest-agent-2.3.1-14.1
  • qemu-block-curl-2.3.1-14.1
  • qemu-2.3.1-14.1
  • qemu-tools-2.3.1-14.1
  • qemu-guest-agent-debuginfo-2.3.1-14.1
• SUSE Linux Enterprise Server 12 SP1 (ppc64le)
  • qemu-ppc-2.3.1-14.1
  • qemu-ppc-debuginfo-2.3.1-14.1
• SUSE Linux Enterprise Server 12 SP1 (s390x x86_64)
  • qemu-kvm-2.3.1-14.1
• SUSE Linux Enterprise Server 12 SP1 (s390x)
  • qemu-s390-debuginfo-2.3.1-14.1
  • qemu-s390-2.3.1-14.1
• SUSE Linux Enterprise Server 12 SP1 (x86_64)
  • qemu-x86-2.3.1-14.1
  • qemu-block-rbd-debuginfo-2.3.1-14.1
  • qemu-block-rbd-2.3.1-14.1
• SUSE Linux Enterprise Server 12 SP1 (noarch)
  • qemu-vgabios-1.8.1-14.1
  • qemu-seabios-1.8.1-14.1
  • qemu-ipxe-1.0.0-14.1
  • qemu-sgabios-8-14.1

References:

• https://www.suse.com/security/cve/CVE-2015-5745.html
• https://www.suse.com/security/cve/CVE-2015-7549.html
• https://www.suse.com/security/cve/CVE-2015-8504.html
• https://www.suse.com/security/cve/CVE-2015-8558.html
• https://www.suse.com/security/cve/CVE-2015-8567.html
• https://www.suse.com/security/cve/CVE-2015-8568.html
• https://www.suse.com/security/cve/CVE-2015-8613.html
• https://www.suse.com/security/cve/CVE-2015-8619.html
• https://www.suse.com/security/cve/CVE-2015-8743.html
• https://www.suse.com/security/cve/CVE-2015-8744.html
• https://www.suse.com/security/cve/CVE-2015-8745.html
• https://www.suse.com/security/cve/CVE-2015-8817.html
• https://www.suse.com/security/cve/CVE-2015-8818.html
• https://www.suse.com/security/cve/CVE-2016-1568.html
• https://www.suse.com/security/cve/CVE-2016-1714.html
• https://www.suse.com/security/cve/CVE-2016-1922.html
• https://www.suse.com/security/cve/CVE-2016-1981.html
• https://www.suse.com/security/cve/CVE-2016-2197.html
• https://www.suse.com/security/cve/CVE-2016-2198.html
• https://www.suse.com/security/cve/CVE-2016-2538.html
• https://www.suse.com/security/cve/CVE-2016-2841.html
• https://www.suse.com/security/cve/CVE-2016-2857.html
• https://www.suse.com/security/cve/CVE-2016-2858.html
• https://www.suse.com/security/cve/CVE-2016-3710.html
• https://www.suse.com/security/cve/CVE-2016-3712.html
• https://www.suse.com/security/cve/CVE-2016-4001.html
• https://www.suse.com/security/cve/CVE-2016-4002.html
• https://www.suse.com/security/cve/CVE-2016-4020.html
• https://www.suse.com/security/cve/CVE-2016-4037.html
• https://www.suse.com/security/cve/CVE-2016-4439.html
• https://www.suse.com/security/cve/CVE-2016-4441.html
• https://www.suse.com/security/cve/CVE-2016-4952.html
• https://bugzilla.suse.com/show_bug.cgi?id=886378
• https://bugzilla.suse.com/show_bug.cgi?id=940929
• https://bugzilla.suse.com/show_bug.cgi?id=958491
• https://bugzilla.suse.com/show_bug.cgi?id=958917
• https://bugzilla.suse.com/show_bug.cgi?id=959005
• https://bugzilla.suse.com/show_bug.cgi?id=959386
• https://bugzilla.suse.com/show_bug.cgi?id=960334
• https://bugzilla.suse.com/show_bug.cgi?id=960708
• https://bugzilla.suse.com/show_bug.cgi?id=960725
• https://bugzilla.suse.com/show_bug.cgi?id=960835
• https://bugzilla.suse.com/show_bug.cgi?id=961332