Security update for kvm
Announcement ID: | SUSE-SU-2016:1785-1 |
---|---|
Rating: | important |
References: |
|
Cross-References: |
|
CVSS scores: |
|
Affected Products: |
|
An update that solves 33 vulnerabilities and has three security fixes can now be installed.
Description:
kvm was updated to fix 33 security issues.
These security issues were fixed: - CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711) - CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723) - CVE-2016-3710: Fixed VGA emulation based OOB access with potential for guest escape (bsc#978158) - CVE-2016-3712: Fixed VGa emulation based DOS and OOB read access exploit (bsc#978160) - CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109) - CVE-2016-2538: Fixed potential OOB access in USB net device emulation (bsc#967969) - CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350) - CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number generator (bsc#970036) - CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037) - CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic (bsc#975128) - CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller (bsc#975136) - CVE-2016-4020: Fixed possible host data leakage to guest from TPR access (bsc#975700) - CVE-2015-3214: Fixed OOB read in i8254 PIC (bsc#934069) - CVE-2014-9718: Fixed the handling of malformed or short ide PRDTs to avoid any opportunity for guest to cause DoS by abusing that interface (bsc#928393) - CVE-2014-3689: Fixed insufficient parameter validation in rectangle functions (bsc#901508) - CVE-2014-3615: The VGA emulator in QEMU allowed local guest users to read host memory by setting the display to a high resolution (bsc#895528). - CVE-2015-5239: Integer overflow in vnc_client_read() and protocol_client_msg() (bsc#944463). - CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989). - CVE-2015-5279: Heap-based buffer overflow in the ne2000_receive function in hw/net/ne2000.c in QEMU allowed guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via vectors related to receiving packets (bsc#945987). - CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929). - CVE-2015-6855: hw/ide/core.c in QEMU did not properly restrict the commands accepted by an ATAPI device, which allowed guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command to an empty drive, which triggers a divide-by-zero error and instance crash (bsc#945404). - CVE-2015-7295: hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allowed remote attackers to cause a denial of service (guest network consumption) via a flood of jumbo frames on the (1) tuntap or (2) macvtap interface (bsc#947159). - CVE-2015-7549: PCI null pointer dereferences (bsc#958917). - CVE-2015-8504: VNC floating point exception (bsc#958491). - CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS (bsc#959005). - CVE-2015-8613: Wrong sized memset in megasas command handler (bsc#961358). - CVE-2015-8619: Potential DoS for long HMP sendkey command argument (bsc#960334). - CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions (bsc#960725). - CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332). - CVE-2016-1714: Potential OOB memory access in processing firmware configuration (bsc#961691). - CVE-2016-1922: NULL pointer dereference when processing hmp i/o command (bsc#962320). - CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation by malicious privileged user within guest (bsc#963782). - CVE-2016-2198: Malicious privileged guest user were able to cause DoS by writing to read-only EHCI capabilities registers (bsc#964413).
This non-security issue was fixed: - Fix case of IDE interface needing busy status set before flush (bsc#936132)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Server 11 SP4
zypper in -t patch slessp4-kvm-12645=1
-
SLES for SAP Applications 11-SP4
zypper in -t patch slessp4-kvm-12645=1
Package List:
-
SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586)
- kvm-1.4.2-44.1
-
SLES for SAP Applications 11-SP4 (x86_64)
- kvm-1.4.2-44.1
References:
- https://www.suse.com/security/cve/CVE-2014-3615.html
- https://www.suse.com/security/cve/CVE-2014-3689.html
- https://www.suse.com/security/cve/CVE-2014-9718.html
- https://www.suse.com/security/cve/CVE-2015-3214.html
- https://www.suse.com/security/cve/CVE-2015-5239.html
- https://www.suse.com/security/cve/CVE-2015-5278.html
- https://www.suse.com/security/cve/CVE-2015-5279.html
- https://www.suse.com/security/cve/CVE-2015-5745.html
- https://www.suse.com/security/cve/CVE-2015-6855.html
- https://www.suse.com/security/cve/CVE-2015-7295.html
- https://www.suse.com/security/cve/CVE-2015-7549.html
- https://www.suse.com/security/cve/CVE-2015-8504.html
- https://www.suse.com/security/cve/CVE-2015-8558.html
- https://www.suse.com/security/cve/CVE-2015-8613.html
- https://www.suse.com/security/cve/CVE-2015-8619.html
- https://www.suse.com/security/cve/CVE-2015-8743.html
- https://www.suse.com/security/cve/CVE-2016-1568.html
- https://www.suse.com/security/cve/CVE-2016-1714.html
- https://www.suse.com/security/cve/CVE-2016-1922.html
- https://www.suse.com/security/cve/CVE-2016-1981.html
- https://www.suse.com/security/cve/CVE-2016-2198.html
- https://www.suse.com/security/cve/CVE-2016-2538.html
- https://www.suse.com/security/cve/CVE-2016-2841.html
- https://www.suse.com/security/cve/CVE-2016-2857.html
- https://www.suse.com/security/cve/CVE-2016-2858.html
- https://www.suse.com/security/cve/CVE-2016-3710.html
- https://www.suse.com/security/cve/CVE-2016-3712.html
- https://www.suse.com/security/cve/CVE-2016-4001.html
- https://www.suse.com/security/cve/CVE-2016-4002.html
- https://www.suse.com/security/cve/CVE-2016-4020.html
- https://www.suse.com/security/cve/CVE-2016-4037.html
- https://www.suse.com/security/cve/CVE-2016-4439.html
- https://www.suse.com/security/cve/CVE-2016-4441.html
- https://bugzilla.suse.com/show_bug.cgi?id=895528
- https://bugzilla.suse.com/show_bug.cgi?id=901508
- https://bugzilla.suse.com/show_bug.cgi?id=928393
- https://bugzilla.suse.com/show_bug.cgi?id=934069
- https://bugzilla.suse.com/show_bug.cgi?id=936132
- https://bugzilla.suse.com/show_bug.cgi?id=940929
- https://bugzilla.suse.com/show_bug.cgi?id=944463
- https://bugzilla.suse.com/show_bug.cgi?id=945404
- https://bugzilla.suse.com/show_bug.cgi?id=945987
- https://bugzilla.suse.com/show_bug.cgi?id=945989
- https://bugzilla.suse.com/show_bug.cgi?id=947159
- https://bugzilla.suse.com/show_bug.cgi?id=958491
- https://bugzilla.suse.com/show_bug.cgi?id=958917
- https://bugzilla.suse.com/show_bug.cgi?id=959005
- https://bugzilla.suse.com/show_bug.cgi?id=960334
- https://bugzilla.suse.com/show_bug.cgi?id=960725
- https://bugzilla.suse.com/show_bug.cgi?id=961332
- https://bugzilla.suse.com/show_bug.cgi?id=961333
- https://bugzilla.suse.com/show_bug.cgi?id=961358
- https://bugzilla.suse.com/show_bug.cgi?id=961556
- https://bugzilla.suse.com/show_bug.cgi?id=961691
- https://bugzilla.suse.com/show_bug.cgi?id=962320
- https://bugzilla.suse.com/show_bug.cgi?id=963782
- https://bugzilla.suse.com/show_bug.cgi?id=964413
- https://bugzilla.suse.com/show_bug.cgi?id=967969
- https://bugzilla.suse.com/show_bug.cgi?id=969350
- https://bugzilla.suse.com/show_bug.cgi?id=970036
- https://bugzilla.suse.com/show_bug.cgi?id=970037
- https://bugzilla.suse.com/show_bug.cgi?id=975128
- https://bugzilla.suse.com/show_bug.cgi?id=975136
- https://bugzilla.suse.com/show_bug.cgi?id=975700
- https://bugzilla.suse.com/show_bug.cgi?id=976109
- https://bugzilla.suse.com/show_bug.cgi?id=978158
- https://bugzilla.suse.com/show_bug.cgi?id=978160
- https://bugzilla.suse.com/show_bug.cgi?id=980711
- https://bugzilla.suse.com/show_bug.cgi?id=980723