Description
Security update for kvm
The KVM QEMU VT100 emulation was affected by a problem where specific VT100 sequences could have been used by guest users to affect the host (CVE-2012-3515, aka XSA-17).
A temporary file race was also fixed (CVE-2012-2652).
Security Issue reference:
Package list
SUSE Linux Enterprise Server 11 SP1-LTSS
SUSE Linux Enterprise Server 11 SP1-TERADATA
References
- Link for SUSE-SU-2015:0929-1
- E-Mail link for SUSE-SU-2015:0929-1
- SUSE Security Ratings
- SUSE Bug 598271
- SUSE Bug 598298
- SUSE Bug 599095
- SUSE Bug 603161
- SUSE Bug 603179
- SUSE Bug 610682
- SUSE Bug 619991
- SUSE Bug 621793
- SUSE Bug 626654
- SUSE Bug 637297
- SUSE Bug 689895
- SUSE Bug 690781
- SUSE Bug 695510
- SUSE Bug 695766
- SUSE Bug 698237
- SUSE Bug 701161
- SUSE Bug 702823
Description
Multiple heap-based buffer overflows in the virtio-blk driver (hw/virtio-blk.c) in qemu-kvm 0.14.0 allow local guest users to cause a denial of service (guest crash) and possibly gain privileges via a (1) write request to the virtio_blk_handle_write function or (2) read request to the virtio_blk_handle_read function that is not properly aligned.
Affected products
References
- CVE-2011-1750
- SUSE Bug 689895
Description
The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power Management emulation in qemu-kvm does not check if a device is hotpluggable before unplugging the PCI-ISA bridge, which allows privileged guest users to cause a denial of service (guest crash) and possibly execute arbitrary code by sending a crafted value to the 0xae08 (PCI_EJ_BASE) I/O port, which leads to a use-after-free related to "active qemu timers."
Affected products
References
- CVE-2011-1751
- SUSE Bug 690781
Description
Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier allows privileged guest users to cause a denial of service (guest crash) or gain privileges via a crafted indirect descriptor related to "virtqueue in and out requests."
Affected products
References
- CVE-2011-2212
- SUSE Bug 701161
Description
The virtio_queue_notify function in qemu-kvm 0.14.0 and earlier does not properly validate the virtqueue number, which allows guest users to cause a denial of service (guest crash) and possibly execute arbitrary code via a negative number in the Queue Notify field of the Virtio Header, which bypasses a signed comparison.
Affected products
References
- CVE-2011-2512
- SUSE Bug 702823
Description
The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.
Affected products
References
- CVE-2011-2527
- SUSE Bug 705304
Description
Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.
Affected products
References
- CVE-2012-0029
- SUSE Bug 740165
- SUSE Bug 747331
- SUSE Bug 757537
Description
The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot mode, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.
Affected products
References
- CVE-2012-2652
- SUSE Bug 764526
Description
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
Affected products
References
- CVE-2012-3515
- SUSE Bug 777084
Description
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service (crash) via a large L2 table in a QCOW version 1 image.
Affected products
References
- CVE-2014-0222
- SUSE Bug 1072223
- SUSE Bug 877642
- SUSE Bug 950367
- SUSE Bug 964925
Description
Integer overflow in the qcow_open function in block/qcow.c in QEMU before 1.7.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a large image size, which triggers a buffer overflow or out-of-bounds read.
Affected products
References
- CVE-2014-0223
- SUSE Bug 877645
Description
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set.
Affected products
References
- CVE-2015-3209
- SUSE Bug 932267
- SUSE Bug 932770
- SUSE Bug 932823
Description
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
Affected products
References
- CVE-2015-3456
- SUSE Bug 929339
- SUSE Bug 932770
- SUSE Bug 935900