SUSE-SU-2014:0816-1: moderate: Security update for KVM
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Wed Jun 18 11:04:13 MDT 2014
SUSE Security Update: Security update for KVM
______________________________________________________________________________
Announcement ID: SUSE-SU-2014:0816-1
Rating: moderate
References: #864391 #864649 #864650 #864653 #864655 #864665
#864671 #864673 #864678 #864682 #864769 #864796
#864801 #864802 #864804 #864805 #864811 #864812
#864814 #873235 #874749 #874788
Cross-References: CVE-2014-0150 CVE-2014-2894
Affected Products:
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________
An update that solves two vulnerabilities and has 20 fixes
is now available. It includes one version update.
Description:
Several security issues in KVM have been fixed. Some issues could have
resulted in arbitrary code execution or crash of the kvm host.
* virtio-net: buffer overflow in virtio_net_handle_mac() function
(CVE-2014-0150)
* Fixed out of bounds buffer accesses, guest triggerable via IDE SMART
(CVE-2014-2894)
*
Fixed various virtio-net buffer overflows
(CVE-2013-4148,CVE-2013-4149,CVE-2013-4150,CVE-2013-4151)
*
Fixed ahci buffer overrun (CVE-2013-4526)
* Fixed hpet buffer overrun (CVE-2013-4527)
* Fixed a PCIE-AER buffer overrun (CVE-2013-4529)
* Fixed a buffer overrun in pl022 (CVE-2013-4530)
* Fixed a vmstate buffer overflow (CVE-2013-4531)
* Fixed a pxa2xx buffer overrun (CVE-2013-4533)
* Fixed a openpic buffer overrun (CVE-2013-4534)
* Validate virtio num_sg mapping (CVE-2013-4535 / CVE-2013-4536)
* Fixed ssi-sd buffer overrun (CVE-2013-4537)
* Fixed ssd0323 buffer overrun (CVE-2013-4538)
* Fixed tsc210x buffer overrun (CVE-2013-4539)
* Fixed Zaurus buffer overrun (CVE-2013-4540)
* Some USB sanity checking added (CVE-2013-4541)
* Fixed virtio scsi buffer overrun (CVE-2013-4542)
* Fixed another virtio buffer overrun (CVE-2013-6399)
* Validate config_len on load in virtio (CVE-2014-0182)
Security Issue references:
* CVE-2014-0150
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0150>
* CVE-2014-2894
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2894>
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-kvm-9302
- SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-kvm-9302
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Server 11 SP3 (i586 s390x x86_64) [New Version: 1.4.2]:
kvm-1.4.2-0.15.2
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64) [New Version: 1.4.2]:
kvm-1.4.2-0.15.2
References:
http://support.novell.com/security/cve/CVE-2014-0150.html
http://support.novell.com/security/cve/CVE-2014-2894.html
https://bugzilla.novell.com/864391
https://bugzilla.novell.com/864649
https://bugzilla.novell.com/864650
https://bugzilla.novell.com/864653
https://bugzilla.novell.com/864655
https://bugzilla.novell.com/864665
https://bugzilla.novell.com/864671
https://bugzilla.novell.com/864673
https://bugzilla.novell.com/864678
https://bugzilla.novell.com/864682
https://bugzilla.novell.com/864769
https://bugzilla.novell.com/864796
https://bugzilla.novell.com/864801
https://bugzilla.novell.com/864802
https://bugzilla.novell.com/864804
https://bugzilla.novell.com/864805
https://bugzilla.novell.com/864811
https://bugzilla.novell.com/864812
https://bugzilla.novell.com/864814
https://bugzilla.novell.com/873235
https://bugzilla.novell.com/874749
https://bugzilla.novell.com/874788
http://download.suse.com/patch/finder/?keywords=2ef41e47e4c1105aba4dcd76e8c0e05e
More information about the sle-security-updates
mailing list