
Security vulnerabilities in the kvm software package

SUSE Security Update: Security update for kvm
______________________________________________________________________________

Announcement ID: SUSE-SU-2016:1698-1
Rating: important
References: #895528 #901508 #928393 #934069 #936132 #940929
#944463 #945404 #945987 #945989 #947159 #958491
#958917 #959005 #960334 #960725 #961332 #961333
#961358 #961556 #961691 #962320 #963782 #964413
#967969 #969350 #970036 #970037 #975128 #975136
#975700 #976109 #978158 #978160 #980711 #980723

Cross-References: CVE-2014-3615 CVE-2014-3689 CVE-2014-9718
CVE-2015-3214 CVE-2015-5239 CVE-2015-5278
CVE-2015-5279 CVE-2015-5745 CVE-2015-6855
CVE-2015-7295 CVE-2015-7549 CVE-2015-8504
CVE-2015-8558 CVE-2015-8613 CVE-2015-8619
CVE-2015-8743 CVE-2016-1568 CVE-2016-1714
CVE-2016-1922 CVE-2016-1981 CVE-2016-2198
CVE-2016-2538 CVE-2016-2841 CVE-2016-2857
CVE-2016-2858 CVE-2016-3710 CVE-2016-3712
CVE-2016-4001 CVE-2016-4002 CVE-2016-4020
CVE-2016-4037 CVE-2016-4439 CVE-2016-4441

Affected Products:
SUSE Linux Enterprise Server 11-SP3-LTSS
______________________________________________________________________________

An update that solves 33 vulnerabilities and has three
fixes is now available.

Description:

kvm was updated to fix 33 security issues.

These security issues were fixed:
– CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711)
– CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723)
– CVE-2016-3710: Fixed VGA emulation based OOB access with potential for
guest escape (bsc#978158)
– CVE-2016-3712: Fixed VGA emulation based DOS and OOB read access exploit
(bsc#978160)
– CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109)
– CVE-2016-2538: Fixed potential OOB access in USB net device emulation
(bsc#967969)
– CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350)
– CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number
generator (bsc#970036)
– CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037)
– CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic
(bsc#975128)
– CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller
(bsc#975136)
– CVE-2016-4020: Fixed possible host data leakage to guest from TPR access
(bsc#975700)
– CVE-2015-3214: Fixed OOB read in i8254 PIC (bsc#934069)
– CVE-2014-9718: Fixed the handling of malformed or short ide PRDTs to
avoid any opportunity for guest to cause DoS by abusing that interface
(bsc#928393)
– CVE-2014-3689: Fixed insufficient parameter validation in rectangle
functions (bsc#901508)
– CVE-2014-3615: The VGA emulator in QEMU allowed local guest users to
read host memory by setting the display to a high resolution
(bsc#895528).
– CVE-2015-5239: Integer overflow in vnc_client_read() and
protocol_client_msg() (bsc#944463).
– CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989).
– CVE-2015-5279: Heap-based buffer overflow in the ne2000_receive function
in hw/net/ne2000.c in QEMU allowed guest OS users to cause a denial of
service (instance crash) or possibly execute arbitrary code via vectors
related to receiving packets (bsc#945987).
– CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929).
– CVE-2015-6855: hw/ide/core.c in QEMU did not properly restrict the
commands accepted by an ATAPI device, which allowed guest users to cause
a denial of service or possibly have unspecified other impact via
certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command
to an empty drive, which triggers a divide-by-zero error and instance
crash (bsc#945404).
– CVE-2015-7295: hw/virtio/virtio.c in the Virtual Network Device
(virtio-net) support in QEMU, when big or mergeable receive buffers are
not supported, allowed remote attackers to cause a denial of service
(guest network consumption) via a flood of jumbo frames on the (1)
tuntap or (2) macvtap interface (bsc#947159).
– CVE-2015-7549: PCI null pointer dereferences (bsc#958917).
– CVE-2015-8504: VNC floating point exception (bsc#958491).
– CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS
(bsc#959005).
– CVE-2015-8613: Wrong sized memset in megasas command handler
(bsc#961358).
– CVE-2015-8619: Potential DoS for long HMP sendkey command argument
(bsc#960334).
– CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions
(bsc#960725).
– CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332).
– CVE-2016-1714: Potential OOB memory access in processing firmware
configuration (bsc#961691).
– CVE-2016-1922: NULL pointer dereference when processing hmp i/o command
(bsc#962320).
– CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation
by malicious privileged user within guest (bsc#963782).
– CVE-2016-2198: A malicious privileged guest user was able to cause DoS by
writing to read-only EHCI capabilities registers (bsc#964413).

This non-security issue was fixed:
– Fix case of IDE interface needing busy status set before flush
(bsc#936132)

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– SUSE Linux Enterprise Server 11-SP3-LTSS:

zypper in -t patch slessp3-kvm-12634=1

To bring your system up-to-date, use “zypper patch”.

Package List:

– SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

kvm-1.4.2-46.1

References:

https://www.suse.com/security/cve/CVE-2014-3615.html
https://www.suse.com/security/cve/CVE-2014-3689.html
https://www.suse.com/security/cve/CVE-2014-9718.html
https://www.suse.com/security/cve/CVE-2015-3214.html
https://www.suse.com/security/cve/CVE-2015-5239.html
https://www.suse.com/security/cve/CVE-2015-5278.html
https://www.suse.com/security/cve/CVE-2015-5279.html
https://www.suse.com/security/cve/CVE-2015-5745.html
https://www.suse.com/security/cve/CVE-2015-6855.html
https://www.suse.com/security/cve/CVE-2015-7295.html
https://www.suse.com/security/cve/CVE-2015-7549.html
https://www.suse.com/security/cve/CVE-2015-8504.html
https://www.suse.com/security/cve/CVE-2015-8558.html
https://www.suse.com/security/cve/CVE-2015-8613.html
https://www.suse.com/security/cve/CVE-2015-8619.html
https://www.suse.com/security/cve/CVE-2015-8743.html
https://www.suse.com/security/cve/CVE-2016-1568.html
https://www.suse.com/security/cve/CVE-2016-1714.html
https://www.suse.com/security/cve/CVE-2016-1922.html
https://www.suse.com/security/cve/CVE-2016-1981.html
https://www.suse.com/security/cve/CVE-2016-2198.html
https://www.suse.com/security/cve/CVE-2016-2538.html
https://www.suse.com/security/cve/CVE-2016-2841.html
https://www.suse.com/security/cve/CVE-2016-2857.html
https://www.suse.com/security/cve/CVE-2016-2858.html
https://www.suse.com/security/cve/CVE-2016-3710.html
https://www.suse.com/security/cve/CVE-2016-3712.html
https://www.suse.com/security/cve/CVE-2016-4001.html
https://www.suse.com/security/cve/CVE-2016-4002.html
https://www.suse.com/security/cve/CVE-2016-4020.html
https://www.suse.com/security/cve/CVE-2016-4037.html
https://www.suse.com/security/cve/CVE-2016-4439.html
https://www.suse.com/security/cve/CVE-2016-4441.html
https://bugzilla.suse.com/895528
https://bugzilla.suse.com/901508
https://bugzilla.suse.com/928393
https://bugzilla.suse.com/934069
https://bugzilla.suse.com/936132
https://bugzilla.suse.com/940929
https://bugzilla.suse.com/944463
https://bugzilla.suse.com/945404
https://bugzilla.suse.com/945987
https://bugzilla.suse.com/945989
https://bugzilla.suse.com/947159
https://bugzilla.suse.com/958491
https://bugzilla.suse.com/958917
https://bugzilla.suse.com/959005
https://bugzilla.suse.com/960334
https://bugzilla.suse.com/960725
https://bugzilla.suse.com/961332
https://bugzilla.suse.com/961333
https://bugzilla.suse.com/961358
https://bugzilla.suse.com/961556
https://bugzilla.suse.com/961691
https://bugzilla.suse.com/962320
https://bugzilla.suse.com/963782
https://bugzilla.suse.com/964413
https://bugzilla.suse.com/967969
https://bugzilla.suse.com/969350
https://bugzilla.suse.com/970036
https://bugzilla.suse.com/970037
https://bugzilla.suse.com/975128
https://bugzilla.suse.com/975136
https://bugzilla.suse.com/975700
https://bugzilla.suse.com/976109
https://bugzilla.suse.com/978158
https://bugzilla.suse.com/978160
https://bugzilla.suse.com/980711
https://bugzilla.suse.com/980723


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

 

 

   SUSE Security Update: Security update for kvm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2016:1785-1
Rating:             important
References:         #895528 #901508 #928393 #934069 #936132 #940929
                    #944463 #945404 #945987 #945989 #947159 #958491
                    #958917 #959005 #960334 #960725 #961332 #961333
                    #961358 #961556 #961691 #962320 #963782 #964413
                    #967969 #969350 #970036 #970037 #975128 #975136
                    #975700 #976109 #978158 #978160 #980711 #980723
                   
Cross-References:   CVE-2014-3615 CVE-2014-3689 CVE-2014-9718
                    CVE-2015-3214 CVE-2015-5239 CVE-2015-5278
                    CVE-2015-5279 CVE-2015-5745 CVE-2015-6855
                    CVE-2015-7295 CVE-2015-7549 CVE-2015-8504
                    CVE-2015-8558 CVE-2015-8613 CVE-2015-8619
                    CVE-2015-8743 CVE-2016-1568 CVE-2016-1714
                    CVE-2016-1922 CVE-2016-1981 CVE-2016-2198
                    CVE-2016-2538 CVE-2016-2841 CVE-2016-2857
                    CVE-2016-2858 CVE-2016-3710 CVE-2016-3712
                    CVE-2016-4001 CVE-2016-4002 CVE-2016-4020
                    CVE-2016-4037 CVE-2016-4439 CVE-2016-4441
                  
Affected Products:
                    SUSE Linux Enterprise Server 11-SP4
______________________________________________________________________________

   An update that solves 33 vulnerabilities and has three
   fixes is now available.

Description:

   kvm was updated to fix 33 security issues.

   These security issues were fixed:
   – CVE-2016-4439: Avoid OOB access in 53C9X emulation (bsc#980711)
   – CVE-2016-4441: Avoid OOB access in 53C9X emulation (bsc#980723)
   – CVE-2016-3710: Fixed VGA emulation based OOB access with potential for
     guest escape (bsc#978158)
   – CVE-2016-3712: Fixed VGA emulation based DOS and OOB read access exploit
     (bsc#978160)
   – CVE-2016-4037: Fixed USB ehci based DOS (bsc#976109)
   – CVE-2016-2538: Fixed potential OOB access in USB net device emulation
     (bsc#967969)
   – CVE-2016-2841: Fixed OOB access / hang in ne2000 emulation (bsc#969350)
   – CVE-2016-2858: Avoid potential DOS when using QEMU pseudo random number
     generator (bsc#970036)
   – CVE-2016-2857: Fixed OOB access when processing IP checksums (bsc#970037)
   – CVE-2016-4001: Fixed OOB access in Stellaris enet emulated nic
     (bsc#975128)
   – CVE-2016-4002: Fixed OOB access in MIPSnet emulated controller
     (bsc#975136)
   – CVE-2016-4020: Fixed possible host data leakage to guest from TPR access
     (bsc#975700)
   – CVE-2015-3214: Fixed OOB read in i8254 PIC (bsc#934069)
   – CVE-2014-9718: Fixed the handling of malformed or short ide PRDTs to
     avoid any opportunity for guest to cause DoS by abusing that interface
     (bsc#928393)
   – CVE-2014-3689: Fixed insufficient parameter validation in rectangle
     functions (bsc#901508)
   – CVE-2014-3615: The VGA emulator in QEMU allowed local guest users to
     read host memory by setting the display to a high resolution
     (bsc#895528).
   – CVE-2015-5239: Integer overflow in vnc_client_read() and
     protocol_client_msg() (bsc#944463).
   – CVE-2015-5278: Infinite loop in ne2000_receive() function (bsc#945989).
   – CVE-2015-5279: Heap-based buffer overflow in the ne2000_receive function
     in hw/net/ne2000.c in QEMU allowed guest OS users to cause a denial of
     service (instance crash) or possibly execute arbitrary code via vectors
     related to receiving packets (bsc#945987).
   – CVE-2015-5745: Buffer overflow in virtio-serial (bsc#940929).
   – CVE-2015-6855: hw/ide/core.c in QEMU did not properly restrict the
     commands accepted by an ATAPI device, which allowed guest users to cause
     a denial of service or possibly have unspecified other impact via
     certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX command
     to an empty drive, which triggers a divide-by-zero error and instance
     crash (bsc#945404).
   – CVE-2015-7295: hw/virtio/virtio.c in the Virtual Network Device
     (virtio-net) support in QEMU, when big or mergeable receive buffers are
     not supported, allowed remote attackers to cause a denial of service
     (guest network consumption) via a flood of jumbo frames on the (1)
     tuntap or (2) macvtap interface (bsc#947159).
   – CVE-2015-7549: PCI null pointer dereferences (bsc#958917).
   – CVE-2015-8504: VNC floating point exception (bsc#958491).
   – CVE-2015-8558: Infinite loop in ehci_advance_state resulting in DoS
     (bsc#959005).
   – CVE-2015-8613: Wrong sized memset in megasas command handler
     (bsc#961358).
   – CVE-2015-8619: Potential DoS for long HMP sendkey command argument
     (bsc#960334).
   – CVE-2015-8743: OOB memory access in ne2000 ioport r/w functions
     (bsc#960725).
   – CVE-2016-1568: AHCI use-after-free in aio port commands (bsc#961332).
   – CVE-2016-1714: Potential OOB memory access in processing firmware
     configuration (bsc#961691).
   – CVE-2016-1922: NULL pointer dereference when processing hmp i/o command
     (bsc#962320).
   – CVE-2016-1981: Potential DoS (infinite loop) in e1000 device emulation
     by malicious privileged user within guest (bsc#963782).
   – CVE-2016-2198: A malicious privileged guest user was able to cause DoS by
     writing to read-only EHCI capabilities registers (bsc#964413).

   This non-security issue was fixed:
   – Fix case of IDE interface needing busy status set before flush
     (bsc#936132)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   – SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-kvm-12645=1

   To bring your system up-to-date, use “zypper patch”.

Package List:

   – SUSE Linux Enterprise Server 11-SP4 (i586 s390x x86_64):

      kvm-1.4.2-44.1

References:

   https://www.suse.com/security/cve/CVE-2014-3615.html
   https://www.suse.com/security/cve/CVE-2014-3689.html
   https://www.suse.com/security/cve/CVE-2014-9718.html
   https://www.suse.com/security/cve/CVE-2015-3214.html
   https://www.suse.com/security/cve/CVE-2015-5239.html
   https://www.suse.com/security/cve/CVE-2015-5278.html
   https://www.suse.com/security/cve/CVE-2015-5279.html
   https://www.suse.com/security/cve/CVE-2015-5745.html
   https://www.suse.com/security/cve/CVE-2015-6855.html
   https://www.suse.com/security/cve/CVE-2015-7295.html
   https://www.suse.com/security/cve/CVE-2015-7549.html
   https://www.suse.com/security/cve/CVE-2015-8504.html
   https://www.suse.com/security/cve/CVE-2015-8558.html
   https://www.suse.com/security/cve/CVE-2015-8613.html
   https://www.suse.com/security/cve/CVE-2015-8619.html
   https://www.suse.com/security/cve/CVE-2015-8743.html
   https://www.suse.com/security/cve/CVE-2016-1568.html
   https://www.suse.com/security/cve/CVE-2016-1714.html
   https://www.suse.com/security/cve/CVE-2016-1922.html
   https://www.suse.com/security/cve/CVE-2016-1981.html
   https://www.suse.com/security/cve/CVE-2016-2198.html
   https://www.suse.com/security/cve/CVE-2016-2538.html
   https://www.suse.com/security/cve/CVE-2016-2841.html
   https://www.suse.com/security/cve/CVE-2016-2857.html
   https://www.suse.com/security/cve/CVE-2016-2858.html
   https://www.suse.com/security/cve/CVE-2016-3710.html
   https://www.suse.com/security/cve/CVE-2016-3712.html
   https://www.suse.com/security/cve/CVE-2016-4001.html
   https://www.suse.com/security/cve/CVE-2016-4002.html
   https://www.suse.com/security/cve/CVE-2016-4020.html
   https://www.suse.com/security/cve/CVE-2016-4037.html
   https://www.suse.com/security/cve/CVE-2016-4439.html
   https://www.suse.com/security/cve/CVE-2016-4441.html
   https://bugzilla.suse.com/895528
   https://bugzilla.suse.com/901508
   https://bugzilla.suse.com/928393
   https://bugzilla.suse.com/934069
   https://bugzilla.suse.com/936132
   https://bugzilla.suse.com/940929
   https://bugzilla.suse.com/944463
   https://bugzilla.suse.com/945404
   https://bugzilla.suse.com/945987
   https://bugzilla.suse.com/945989
   https://bugzilla.suse.com/947159
   https://bugzilla.suse.com/958491
   https://bugzilla.suse.com/958917
   https://bugzilla.suse.com/959005
   https://bugzilla.suse.com/960334
   https://bugzilla.suse.com/960725
   https://bugzilla.suse.com/961332
   https://bugzilla.suse.com/961333
   https://bugzilla.suse.com/961358
   https://bugzilla.suse.com/961556
   https://bugzilla.suse.com/961691
   https://bugzilla.suse.com/962320
   https://bugzilla.suse.com/963782
   https://bugzilla.suse.com/964413
   https://bugzilla.suse.com/967969
   https://bugzilla.suse.com/969350
   https://bugzilla.suse.com/970036
   https://bugzilla.suse.com/970037
   https://bugzilla.suse.com/975128
   https://bugzilla.suse.com/975136
   https://bugzilla.suse.com/975700
   https://bugzilla.suse.com/976109
   https://bugzilla.suse.com/978158
   https://bugzilla.suse.com/978160
   https://bugzilla.suse.com/980711
   https://bugzilla.suse.com/980723



 
