Описание
Security update for kvm
This update for kvm fixes the following issues:
- Address various security/stability issues
- Fix OOB access in xlnx.xpx-ethernetlite emulation (CVE-2016-7161 bsc#1001151)
- Fix OOB access in VMware SVGA emulation (CVE-2016-7170 bsc#998516)
- Fix DOS in ColdFire Fast Ethernet Controller emulation (CVE-2016-7908 bsc#1002550)
- Fix DOS in USB xHCI emulation (CVE-2016-8576 bsc#1003878)
- Fix DOS in virtio-9pfs (CVE-2016-8578 bsc#1003894)
- Fix DOS in virtio-9pfs (CVE-2016-9105 bsc#1007494)
- Fix DOS in virtio-9pfs (CVE-2016-8577 bsc#1003893)
- Plug data leak in virtio-9pfs interface (CVE-2016-9103 bsc#1007454)
- Fix DOS in virtio-9pfs interface (CVE-2016-9102 bsc#1007450)
- Fix DOS in virtio-9pfs (CVE-2016-9106 bsc#1007495)
- Fix DOS in 16550A UART emulation (CVE-2016-8669 bsc#1004707)
- Fix DOS in PC-Net II emulation (CVE-2016-7909 bsc#1002557)
- Fix DOS in PRO100 emulation (CVE-2016-9101 bsc#1007391)
- Fix DOS in RTL8139 emulation (CVE-2016-8910 bsc#1006538)
- Fix DOS in Intel HDA controller emulation (CVE-2016-8909 bsc#1006536)
- Fix DOS in virtio-9pfs (CVE-2016-9104 bsc#1007493)
- Fix DOS in JAZZ RC4030 emulation (CVE-2016-8667 bsc#1004702)
- Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE11-SP4
- Remove semi-contradictory and now determined erroneous statement in kvm-supported.txt regarding not running ntp in kvm guest when kvm-clock is used. It is now recommended to use ntp in guest in this case.
Список пакетов
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
Ссылки
- Link for SUSE-SU-2016:2902-1
- E-Mail link for SUSE-SU-2016:2902-1
- SUSE Security Ratings
- SUSE Bug 1001151
- SUSE Bug 1002550
- SUSE Bug 1002557
- SUSE Bug 1003878
- SUSE Bug 1003893
- SUSE Bug 1003894
- SUSE Bug 1004702
- SUSE Bug 1004707
- SUSE Bug 1006536
- SUSE Bug 1006538
- SUSE Bug 1007391
- SUSE Bug 1007450
- SUSE Bug 1007454
- SUSE Bug 1007493
- SUSE Bug 1007494
- SUSE Bug 1007495
- SUSE Bug 998516
Описание
Heap-based buffer overflow in the .receive callback of xlnx.xps-ethernetlite in QEMU (aka Quick Emulator) allows attackers to execute arbitrary code on the QEMU host via a large ethlite packet.
Затронутые продукты
Ссылки
- CVE-2016-7161
- SUSE Bug 1001151
- SUSE Bug 1001152
Описание
The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds write and QEMU process crash) via vectors related to cursor.mask[] and cursor.image[] array sizes when processing a DEFINE_CURSOR svga command.
Затронутые продукты
Ссылки
- CVE-2016-7170
- SUSE Bug 998516
Описание
The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags.
Затронутые продукты
Ссылки
- CVE-2016-7908
- SUSE Bug 1002550
- SUSE Bug 1003030
Описание
The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by setting the (1) receive or (2) transmit descriptor ring length to 0.
Затронутые продукты
Ссылки
- CVE-2016-7909
- SUSE Bug 1002557
- SUSE Bug 1003032
Описание
The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging failure to limit the number of link Transfer Request Blocks (TRB) to process.
Затронутые продукты
Ссылки
- CVE-2016-8576
- SUSE Bug 1003878
- SUSE Bug 1004016
Описание
Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.
Затронутые продукты
Ссылки
- CVE-2016-8577
- SUSE Bug 1003893
- SUSE Bug 1004021
Описание
The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) by sending an empty string parameter to a 9P operation.
Затронутые продукты
Ссылки
- CVE-2016-8578
- SUSE Bug 1003894
- SUSE Bug 1004023
Описание
The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large interval timer reload value.
Затронутые продукты
Ссылки
- CVE-2016-8667
- SUSE Bug 1004702
- SUSE Bug 1005004
Описание
The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving a value of divider greater than baud base.
Затронутые продукты
Ссылки
- CVE-2016-8669
- SUSE Bug 1004707
- SUSE Bug 1005005
Описание
The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry with the same value for buffer length and pointer position.
Затронутые продукты
Ссылки
- CVE-2016-8909
- SUSE Bug 1006536
- SUSE Bug 1007160
Описание
The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveraging failure to limit the ring descriptor count.
Затронутые продукты
Ссылки
- CVE-2016-8910
- SUSE Bug 1006538
- SUSE Bug 1007157
- SUSE Bug 1024178
Описание
Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.
Затронутые продукты
Ссылки
- CVE-2016-9101
- SUSE Bug 1007391
- SUSE Bug 1013668
- SUSE Bug 1024181
Описание
Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number.
Затронутые продукты
Ссылки
- CVE-2016-9102
- SUSE Bug 1007450
- SUSE Bug 1014256
Описание
The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to obtain sensitive host heap memory information by reading xattribute values before writing to them.
Затронутые продукты
Ссылки
- CVE-2016-9103
- SUSE Bug 1007454
- SUSE Bug 1014259
Описание
Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access.
Затронутые продукты
Ссылки
- CVE-2016-9104
- SUSE Bug 1007493
- SUSE Bug 1014297
- SUSE Bug 1034990
Описание
Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object.
Затронутые продукты
Ссылки
- CVE-2016-9105
- SUSE Bug 1007494
- SUSE Bug 1014279
Описание
Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector.
Затронутые продукты
Ссылки
- CVE-2016-9106
- SUSE Bug 1007495
- SUSE Bug 1014299