Описание
Security update for kvm
This update for kvm fixes several issues.
These security issues were fixed:
- CVE-2017-2620: In CIRRUS_BLTMODE_MEMSYSSRC mode the bitblit copy routine cirrus_bitblt_cputovideo failed to check the memory region, allowing for an out-of-bounds write that allows for privilege escalation (bsc#1024972)
- CVE-2017-2615: An error in the bitblt copy operation could have allowed a malicious guest administrator to cause an out of bounds memory access, possibly leading to information disclosure or privilege escalation (bsc#1023004)
- CVE-2016-9776: The ColdFire Fast Ethernet Controller emulator support was vulnerable to an infinite loop issue while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could have used this issue to crash the Qemu process on the host leading to DoS (bsc#1013285)
- CVE-2016-9911: The USB EHCI Emulation support was vulnerable to a memory leakage issue while processing packet data in 'ehci_init_transfer'. A guest user/process could have used this issue to leak host memory, resulting in DoS for the host (bsc#1014111)
- CVE-2016-9907: The USB redirector usb-guest support was vulnerable to a memory leakage flaw when destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could have used this issue to leak host memory, resulting in DoS for a host (bsc#1014109)
- CVE-2016-9921: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702)
- CVE-2016-9922: The Cirrus CLGD 54xx VGA Emulator support was vulnerable to a divide by zero issue while copying VGA data. A privileged user inside guest could have used this flaw to crash the process instance on the host, resulting in DoS (bsc#1014702)
- CVE-2017-5898: The CCID Card device emulator support was vulnerable to an integer overflow allowing a privileged user inside the guest to crash the Qemu process resulting in DoS (bnc#1023907)
- CVE-2016-10155: The virtual hardware watchdog 'wdt_i6300esb' was vulnerable to a memory leakage issue allowing a privileged user to cause a DoS and/or potentially crash the Qemu process on the host (bsc#1021129)
- CVE-2017-5856: The MegaRAID SAS 8708EM2 Host Bus Adapter emulation support was vulnerable to a memory leakage issue allowing a privileged user to leak host memory resulting in DoS (bsc#1023053)
These non-security issues were fixed:
- Fixed various inaccuracies in cirrus vga device emulation
- Fixed virtio interface failure (bsc#1015048)
- Fixed graphical update errors introduced by previous security fix (bsc#1016779)
Список пакетов
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
Ссылки
- Link for SUSE-SU-2017:1135-1
- E-Mail link for SUSE-SU-2017:1135-1
- SUSE Security Ratings
- SUSE Bug 1013285
- SUSE Bug 1014109
- SUSE Bug 1014111
- SUSE Bug 1014702
- SUSE Bug 1015048
- SUSE Bug 1015169
- SUSE Bug 1016779
- SUSE Bug 1021129
- SUSE Bug 1023004
- SUSE Bug 1023053
- SUSE Bug 1023907
- SUSE Bug 1024972
- SUSE CVE CVE-2016-10155 page
- SUSE CVE CVE-2016-9776 page
- SUSE CVE CVE-2016-9907 page
- SUSE CVE CVE-2016-9911 page
- SUSE CVE CVE-2016-9921 page
Описание
Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
Затронутые продукты
Ссылки
- CVE-2016-10155
- SUSE Bug 1021129
- SUSE Bug 1024183
Описание
QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process on the host leading to DoS.
Затронутые продукты
Ссылки
- CVE-2016-9776
- SUSE Bug 1013285
- SUSE Bug 1013657
- SUSE Bug 1024182
- SUSE Bug 1178658
Описание
Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw. It could occur while destroying the USB redirector in 'usbredir_handle_destroy'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
Затронутые продукты
Ссылки
- CVE-2016-9907
- SUSE Bug 1014109
- SUSE Bug 1014490
Описание
Quick Emulator (Qemu) built with the USB EHCI Emulation support is vulnerable to a memory leakage issue. It could occur while processing packet data in 'ehci_init_transfer'. A guest user/process could use this issue to leak host memory, resulting in DoS for a host.
Затронутые продукты
Ссылки
- CVE-2016-9911
- SUSE Bug 1014111
- SUSE Bug 1014507
Описание
Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS.
Затронутые продукты
Ссылки
- CVE-2016-9921
- SUSE Bug 1014702
- SUSE Bug 1015169
- SUSE Bug 1178658
Описание
The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Quick Emulator), when cirrus graphics mode is VGA, allows local guest OS privileged users to cause a denial of service (divide-by-zero error and QEMU process crash) via vectors involving blit pitch values.
Затронутые продукты
Ссылки
- CVE-2016-9922
- SUSE Bug 1014702
- SUSE Bug 1015169
- SUSE Bug 1178658
Описание
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
Затронутые продукты
Ссылки
- CVE-2017-2615
- SUSE Bug 1023004
- SUSE Bug 1178658
Описание
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
Затронутые продукты
Ссылки
- CVE-2017-2620
- SUSE Bug 1024834
- SUSE Bug 1024972
- SUSE Bug 1178658
Описание
Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) via MegaRAID Firmware Interface (MFI) commands with the sglist size set to a value over 2 Gb.
Затронутые продукты
Ссылки
- CVE-2017-5856
- SUSE Bug 1023053
- SUSE Bug 1024186
Описание
Integer overflow in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c in Quick Emulator (Qemu), when built with the CCID Card device emulator support, allows local users to cause a denial of service (application crash) via a large Application Protocol Data Units (APDU) unit.
Затронутые продукты
Ссылки
- CVE-2017-5898
- SUSE Bug 1023907
- SUSE Bug 1024307